Worm:Win32/Potonup.A removal guide

Worm:Win32/Potonup.A is the Microsoft detection name for this sample; the other vendors listed below mostly flag it under generic trojan, downloader or Visual Basic (VB) names. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
A 6-day free trial is available.

What can Worm:Win32/Potonup.A do?

The points below are the behaviour signatures that fired in the CAPE sandbox report for this sample (the storage path under File Info is a CAPEv2 path). They describe what the sample did under instrumentation and should be checked on an infected host rather than read as a complete capability list.

  • Behavioural detection: executable code extraction (unpacking)
  • Unconventional language used in binary resources: Spanish (Modern). This matches the 0x0c0a language ID in the version resource listed below, which is Spanish (Modern Sort).
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm:Win32/Potonup.A?

File Info:

name: 2E1577CAA2DB45DDCABE.mlw
path: /opt/CAPEv2/storage/binaries/71b247847c2613c6033fec454d7e79ddc0634a904fe386694b2e81620697e3b8
crc32: BCE3DB96
md5: 2e1577caa2db45ddcabe38bbb274b573
sha1: 15a4ff21b6af7707cedf821d680b6f1b4ea195c9
sha256: 71b247847c2613c6033fec454d7e79ddc0634a904fe386694b2e81620697e3b8
sha512: f8dbfa9affb997a9402ddb47da93e24f2bc7aad9c15ce98fee9c2870c45dd3e6fb877dd5870138c678967b574482d1b82a434805308ebd0b8ffa0f4318050661
ssdeep: 384:/TpXJ/c2Yvd6MWhtZTq35kr1NBW4ELRxRxxRxRovkBHDE0SQ0kX:/tXCZrsZTe5krrELRxRxxRxRPBj6a
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EAE29653BA2C4562F6044AF208B94BE517277D211F80CE1F162BBE2C2E35642ABF565F
sha3_384: 5ead3398583f74847ab1fe62d3ec5355a3b06f1b44b97f47719e96ae895b9d00c1ab48386710f901d9d9ca0cf8d3d8a5
ep_bytes: 68ac204000e8eeffffff000000000000
timestamp: 2009-06-20 13:14:56

Version Info:

Translation: 0x0c0a 0x04b0
CompanyName: BCN
ProductName: virusnep
FileVersion: 1.00
ProductVersion: 1.00
InternalName: fotos
OriginalFilename: fotos.exe
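To check a suspicious file against the values above without a sandbox, here is an added example (written for this guide; it is not code from the page, from GridinSoft or from CAPE). It recomputes the listed hashes with Python's standard library, reads the 16 raw bytes at the PE entry point that CAPE reports as ep_bytes, and decodes them. The listed ep_bytes, 68 ac 20 40 00 e8 ee ff ff ff, are `push 0x004020AC; call rel32`, the standard entry stub of a Visual Basic 6 executable (push the VB project header, call ThunRTMain in the VB runtime), which is consistent with the VB-based vendor names below and with the CompanyName/ProductName strings typical of a VB project. ssdeep and tlsh are not recomputed because they need third-party libraries. The PE image produced by build_minimal_pe is a constructed stand-in for exercising the parser offline, not the sample.

```python
import hashlib
import struct
import sys
import zlib
from typing import Optional

# Indicator values copied from the File Info block of the page.
POTONUP_IOCS = {
    "md5": "2e1577caa2db45ddcabe38bbb274b573",
    "sha1": "15a4ff21b6af7707cedf821d680b6f1b4ea195c9",
    "sha256": "71b247847c2613c6033fec454d7e79ddc0634a904fe386694b2e81620697e3b8",
    "crc32": "bce3db96",
    "ep_bytes": "68ac204000e8eeffffff000000000000",
}


def file_hashes(data: bytes) -> dict:
    """Recompute the hash fields the page lists (lower-case hex); ssdeep/tlsh need extra libraries."""
    return {
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def entry_point_bytes(data: bytes, count: int = 16) -> Optional[bytes]:
    """Return `count` raw file bytes at the PE32 entry point (CAPE's ep_bytes), else None.
    DOS header -> e_lfanew -> COFF -> optional header; the entry RVA is mapped to a file offset via the section table."""
    try:
        if data[:2] != b"MZ":
            return None
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            return None
        num_sections = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        opt = pe + 24
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # PE32 magic; the sample is 32-bit
            return None
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
        for i in range(num_sections):
            vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
            if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
                off = raw_ptr + (entry_rva - vaddr)
                return data[off:off + count]
    except struct.error:  # truncated header
        pass
    return None


def decode_vb6_stub(ep: bytes) -> Optional[dict]:
    """Decode `push imm32; call rel32` (68 .. .. .. .. e8 .. .. .. ..), the VB6 entry stub.
    The immediate is the VB project header address; the call reaches ThunRTMain in the VB runtime."""
    if len(ep) < 10 or ep[0] != 0x68 or ep[5] != 0xE8:
        return None
    vb_header, = struct.unpack_from("<I", ep, 1)
    call_rel32, = struct.unpack_from("<i", ep, 6)
    return {"vb_header": vb_header, "call_rel32": call_rel32}


def check_file(data: bytes) -> dict:
    """Compare hashes and entry bytes with the page's indicators and list what matched."""
    hashes = file_hashes(data)
    ep = entry_point_bytes(data)
    matched = [k for k in ("crc32", "md5", "sha1", "sha256") if hashes[k] == POTONUP_IOCS[k]]
    if ep is not None and ep.hex() == POTONUP_IOCS["ep_bytes"]:
        matched.append("ep_bytes")
    return {"hashes": hashes, "ep_bytes": None if ep is None else ep.hex(),
            "vb6_stub": None if ep is None else decode_vb6_stub(ep), "matched": matched}


def build_minimal_pe(code: bytes) -> bytes:
    """Construct a tiny PE32 image (a stand-in for testing, not the sample) with `code` at its entry point."""
    pe_off, opt_size, entry_rva, raw_ptr = 0x40, 224, 0x1000, 0x400
    code = code.ljust(0x200, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", pe_off)  # e_lfanew -> COFF header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(16, b"\0") + struct.pack("<I", entry_rva)  # magic, AddressOfEntryPoint
    opt = opt.ljust(28, b"\0") + struct.pack("<I", 0x400000)  # ImageBase
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", len(code), entry_rva, len(code), raw_ptr)
    headers = dos + coff + opt.ljust(opt_size, b"\0") + sect.ljust(40, b"\0")
    return headers.ljust(raw_ptr, b"\0") + code


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # no path given: parse the constructed image carrying the page's ep_bytes
        data = build_minimal_pe(bytes.fromhex(POTONUP_IOCS["ep_bytes"]))
    result = check_file(data)
    print("matched indicators:", result["matched"] or "none")
    print("entry bytes:", result["ep_bytes"], "| VB6 stub:", result["vb6_stub"])
```

Run it as `python check_potonup.py <file>`; with no argument it parses the constructed image. Only a hash match identifies the sample. A match on ep_bytes alone is a weak indicator: the push/call stub is shared by every VB6 executable, and only the pushed header address (0x004020AC here) varies between binaries.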

Worm:Win32/Potonup.A is also known by the following vendor detection names (vendor: detection). The vendors do not agree on a family: the labels range from worm (Microsoft, Alibaba, Sangfor) to VB downloader, keylogger and generic heuristic names, so treat them as detection labels rather than as a description of the sample's behaviour.

Lionic: Trojan.Win32.VB.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.cm0@fPUaabH
McAfee: GenericRXAA-AA!2E1577CAA2DB
Malwarebytes: Generic.Malware/Suspicious
Zillya: Downloader.VB.Win32.8209
Sangfor: Worm.Win32.Potonup.Vcl9
K7AntiVirus: Trojan ( 0001140e1 )
Alibaba: Worm:Win32/Potonup.931dd3f2
K7GW: Trojan ( 0001140e1 )
Cybereason: malicious.aa2db4
Cyren: W32/Downloader.ALSR-3959
Symantec: W32.SillyIM
ESET-NOD32: Win32/VB.NRU
APEX: Malicious
Kaspersky: Trojan-Downloader.Win32.VB.qrf
BitDefender: Gen:Trojan.Heur.cm0@fPUaabH
NANO-Antivirus: Trojan.Win32.VB.brqafh
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.13b16039
Emsisoft: Gen:Trojan.Heur.cm0@fPUaabH (B)
DrWeb: Trojan.DownLoad1.1855
VIPRE: Gen:Trojan.Heur.cm0@fPUaabH
TrendMicro: TROJ_GEN.R067C0ODM23
McAfee-GW-Edition: BehavesLike.Win32.Infected.nz
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.2e1577caa2db45dd
Sophos: Mal/VB-F
Ikarus: Virus.Win32.Vtub
GData: Gen:Trojan.Heur.cm0@fPUaabH
Antiy-AVL: Trojan/Win32.VB
Xcitium: Malware@#weyci0gxnll4
Arcabit: Trojan.Heur.EAF85D
ZoneAlarm: Trojan-Downloader.Win32.VB.qrf
Microsoft: Worm:Win32/Potonup.A
Google: Detected
BitDefenderTheta: AI:Packer.1CF67E661B
ALYac: Gen:Trojan.Heur.cm0@fPUaabH
MAX: malware (ai score=84)
VBA32: TrojanDownloader.VB
Cylance: unsafe
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_GEN.R067C0ODM23
Rising: Spyware.KeyLogger!1.9946 (CLASSIC)
Yandex: Trojan.GenAsa!HS1t7f2uv60
MaxSecure: Trojan.Malware.898655.susgen
Fortinet: Malware_fam.A
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Worm:Win32/Potonup.A?

Worm:Win32/Potonup.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”. Since the sandbox report notes attempts to modify proxy settings, check the system proxy settings afterwards as well.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
