What is “Win32/Ruanmei.C potentially unwanted”?

The Win32/Ruanmei.C potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Ruanmei.C potentially unwanted virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.

How to determine Win32/Ruanmei.C potentially unwanted?


File Info:
crc32: 0AFEBC3E
md5: af17c7b6a58fedec31f71b8fc09a90ae
name: mofangwendujiance_v2.3.exe
sha1: bfe3568f857aff32733006fe0497fc4fdfb1f52c
sha256: c5a1409d43f8a23abb48ee387222f73d4c1860882a03f25809048efb4b3277b2
sha512: 0be9c64e6ec04339e42a78d1d4fa0fbff76b5107555b3053881caf4bc28f31882b31a4f7a844afde7317b964d198b7f4591bbaa776ae2e9ee42a4b3e2d21389b
ssdeep: 12288:1EKmXcJkcpFQauaM3YEYKrC1h6Hh6UAvmKXO54MBP6wb7ee2JCgBw:O5cp6daAYEY71hShfmpO5JBPrbie5gm
type: PE32+ executable (GUI) x86-64, for MS Windows

Version Info:
LegalCopyright: Copyright 2012
InternalName: TempMon
FileVersion: 1.7.9.0
CompanyName: x9752x5c9bx8f6fx5a92x7f51x7edcx79d1x6280x6709x9650x516cx53f8
ProductName: x9b54x65b9x6e29x5ea6x76d1x6d4b
ProductVersion: 1.7.9.0
FileDescription: x9b54x65b9x6e29x5ea6x76d1x6d4b
OriginalFilename: TempMon.exe
Translation: 0x0804 0x04b0

Win32/Ruanmei.C potentially unwanted also known as:

DrWeb	Trojan.MulDrop7.9276
McAfee	RDN/Generic.dx
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Gasti.4!c
Sangfor	Malware
TrendMicro	TROJ_GEN.R007C0PA720
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Gasti.im
Alibaba	Trojan:Win32/Gasti.c35be772
NANO-Antivirus	Trojan.Win64.Gasti.fqxuwd
Sophos	Generic PUA LP (PUA)
Comodo	Malware@#2h5g1c6sdntfh
F-Secure	Trojan.TR/Gasti.otgyp
Zillya	Trojan.Gasti.Win32.60
McAfee-GW-Edition	BehavesLike.Win64.Ramnit.bc
Cyren	W64/Trojan.FNVP-8233
Jiangmin	Trojan.Alien.ex
Avira	TR/Gasti.otgyp
Endgame	malicious (high confidence)
ZoneAlarm	Trojan.Win32.Gasti.im
Microsoft	Trojan:Win32/Wacatac.C!ml
AhnLab-V3	Malware/Win64.Generic.C3311298
VBA32	Trojan.Gasti
TACHYON	Trojan/W64.Gasti.811135
ESET-NOD32	a variant of Win32/Ruanmei.C potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R007C0PA720
Tencent	Win32.Trojan.Gasti.Lnnz
eGambit	Trojan.Generic
Fortinet	Riskware/Ruanmei
AVG	Win64:Malware-gen
Panda	Trj/CI.A
Qihoo-360	Win32/Trojan.IM.367

How to remove Win32/Ruanmei.C potentially unwanted?

Win32/Ruanmei.C potentially unwanted removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X