How to remove "Win64:PUP-gen [PUP]"?

The Win64:PUP-gen [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win64:PUP-gen [PUP] virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Uses Windows utilities for basic functionality
Creates a hidden or system file
Attempts to modify proxy settings

Related domains:

jq.qq.com

www.bing.com

ocsp.dcocsp.cn

qm.qq.com

How to determine Win64:PUP-gen [PUP]?


File Info:
crc32: 6A6410DA
md5: e89d858f8b9cf41e090c446513a79138
name: salikhac.exe
sha1: ee899c233da667985eb6dcc3023d7d80e7384687
sha256: b908c4c07042d2b4045ce0c67a32a7025a7b851567dfcf84e4b53adfb66cf282
sha512: dc0efd00b9f113068ecf1fe07e62dfff052c24430681e6b4f63e56456e191f4b882e4d6a843ce14aa0b7405d5cb830c8fb27dd52613e3610cb417472fbc3aed5
ssdeep: 49152:UJQwMhbAblJ/06JtTKIxFtA4y5uJ/mKc1CivG3cVXcYz7NWu22wS3BNM:WQwMhbAblJ/06JtTKIxFtA4y5uJ/vc1
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x672cx8f6fx4ef6x4ec5x4f9bx4ea4x6d41x5b66x4e60xff0cx8bf7x5728x4e0bx8f7dx540e24x5c0fx65f6x5185x5220x9664x3002
FileVersion: 1.0.0.0
CompanyName: Loser
Comments: x672cx8f6fx4ef6x4ec5x4f9bx4ea4x6d41x5b66x4e60xff0cx8bf7x5728x4e0bx8f7dx540e24x5c0fx65f6x5185x5220x9664x3002
ProductName: x6ca1x540d
ProductVersion: 1.0.0.0
FileDescription: QQx7fa41095630435
Translation: 0x0804 0x04b0

Win64:PUP-gen [PUP] also known as:

Bkav	W32.HfsAutoB.
DrWeb	Trojan.Rootkit.22087
MicroWorld-eScan	Trojan.GenericKD.33741319
McAfee	Artemis!E89D858F8B9C
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Adware ( 005071f51 )
BitDefender	Trojan.GenericKD.33741319
K7GW	Adware ( 005071f51 )
CrowdStrike	win/malicious_confidence_70% (W)
Arcabit	Trojan.Generic.D202DA07
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34108.5v1@aqjha!jb
F-Prot	W32/Agent.EW.gen!Eldorado
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R002H0CDT20
Paloalto	generic.ml
ClamAV	Win.Malware.Gotango-7000352-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Ransom:Win32/Wannaren.b576d936
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
ViRobot	Trojan.Win32.Z.Agent.1990071
AegisLab	Trojan.Win32.Poison.kYJP
Rising	Trojan.Generic!8.C3 (CLOUD)
Ad-Aware	Trojan.GenericKD.33741319
Emsisoft	Trojan.GenericKD.33741319 (B)
Comodo	Backdoor.Win32.SkSocket.AD@5t7qie
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfee-GW-Edition	BehavesLike.Win32.Generic.th
Fortinet	Riskware/Generic
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.e89d858f8b9cf41e
Sophos	Generic PUA OO (PUA)
Ikarus	Trojan.Win32.Antavmu
Cyren	W32/Agent.EW.gen!Eldorado
MAX	malware (ai score=86)
Antiy-AVL	GrayWare/Win32.FlyStudio.a
Endgame	malicious (high confidence)
Microsoft	Trojan:Win32/Occamy.C
ZoneAlarm	HEUR:Trojan.Win32.Generic
AhnLab-V3	Trojan/Win32.Black.R135897
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
ALYac	Trojan.GenericKD.33741319
APEX	Malicious
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
GData	Trojan.GenericKD.33741319
AVG	Win64:PUP-gen [PUP]
Avast	Win64:PUP-gen [PUP]
Qihoo-360	Generic/HEUR/QVM19.1.DF24.Malware.Gen

How to remove Win64:PUP-gen [PUP]?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Win64:PUP-gen [PUP]”?