Categories: Worm

Worm:Win32/Potonup.A removal guide

The Worm:Win32/Potonup.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Potonup.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Unconventional language used in binary resources: Spanish (Modern)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm:Win32/Potonup.A?

File Info:

name: 2E1577CAA2DB45DDCABE.mlw
path: /opt/CAPEv2/storage/binaries/71b247847c2613c6033fec454d7e79ddc0634a904fe386694b2e81620697e3b8
crc32: BCE3DB96
md5: 2e1577caa2db45ddcabe38bbb274b573
sha1: 15a4ff21b6af7707cedf821d680b6f1b4ea195c9
sha256: 71b247847c2613c6033fec454d7e79ddc0634a904fe386694b2e81620697e3b8
sha512: f8dbfa9affb997a9402ddb47da93e24f2bc7aad9c15ce98fee9c2870c45dd3e6fb877dd5870138c678967b574482d1b82a434805308ebd0b8ffa0f4318050661
ssdeep: 384:/TpXJ/c2Yvd6MWhtZTq35kr1NBW4ELRxRxxRxRovkBHDE0SQ0kX:/tXCZrsZTe5krrELRxRxxRxRPBj6a
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EAE29653BA2C4562F6044AF208B94BE517277D211F80CE1F162BBE2C2E35642ABF565F
sha3_384: 5ead3398583f74847ab1fe62d3ec5355a3b06f1b44b97f47719e96ae895b9d00c1ab48386710f901d9d9ca0cf8d3d8a5
ep_bytes: 68ac204000e8eeffffff000000000000
timestamp: 2009-06-20 13:14:56

Version Info:

Translation: 0x0c0a 0x04b0
CompanyName: BCN
ProductName: virusnep
FileVersion: 1.00
ProductVersion: 1.00
InternalName: fotos
OriginalFilename: fotos.exe

Worm:Win32/Potonup.A also known as:

Lionic Trojan.Win32.VB.a!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Heur.cm0@fPUaabH
McAfee GenericRXAA-AA!2E1577CAA2DB
Malwarebytes Generic.Malware/Suspicious
Zillya Downloader.VB.Win32.8209
Sangfor Worm.Win32.Potonup.Vcl9
K7AntiVirus Trojan ( 0001140e1 )
Alibaba Worm:Win32/Potonup.931dd3f2
K7GW Trojan ( 0001140e1 )
Cybereason malicious.aa2db4
Cyren W32/Downloader.ALSR-3959
Symantec W32.SillyIM
ESET-NOD32 Win32/VB.NRU
APEX Malicious
Kaspersky Trojan-Downloader.Win32.VB.qrf
BitDefender Gen:Trojan.Heur.cm0@fPUaabH
NANO-Antivirus Trojan.Win32.VB.brqafh
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.13b16039
Emsisoft Gen:Trojan.Heur.cm0@fPUaabH (B)
DrWeb Trojan.DownLoad1.1855
VIPRE Gen:Trojan.Heur.cm0@fPUaabH
TrendMicro TROJ_GEN.R067C0ODM23
McAfee-GW-Edition BehavesLike.Win32.Infected.nz
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.2e1577caa2db45dd
Sophos Mal/VB-F
Ikarus Virus.Win32.Vtub
GData Gen:Trojan.Heur.cm0@fPUaabH
Antiy-AVL Trojan/Win32.VB
Xcitium Malware@#weyci0gxnll4
Arcabit Trojan.Heur.EAF85D
ZoneAlarm Trojan-Downloader.Win32.VB.qrf
Microsoft Worm:Win32/Potonup.A
Google Detected
BitDefenderTheta AI:Packer.1CF67E661B
ALYac Gen:Trojan.Heur.cm0@fPUaabH
MAX malware (ai score=84)
VBA32 TrojanDownloader.VB
Cylance unsafe
Panda Generic Malware
TrendMicro-HouseCall TROJ_GEN.R067C0ODM23
Rising Spyware.KeyLogger!1.9946 (CLASSIC)
Yandex Trojan.GenAsa!HS1t7f2uv60
MaxSecure Trojan.Malware.898655.susgen
Fortinet Malware_fam.A
AVG Win32:Trojan-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)

How to remove Worm:Win32/Potonup.A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
