![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 54%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Hi KUHA_82! My name is David. I am a user of Microsoft products like you, and it is a pleasure to greet you.
As a first step, perform a full scan with Windows Defender for the initial detection and removal of this PUA. If Windows Defender is not sufficient, you can also use tools like Malwarebytes for this purpose.
Now, if after these scans you are still receiving alerts about this PUA, please follow these steps:
- Start Windows in Safe Mode without networking. You can do this by following the steps in the following support article: https://support.microsoft.com/en-us/windows/sta...
- Open Windows Defender and check the location path of the file being detected. Navigate to that path; you may need to enable the "Hidden items" option from the "View" tab in File Explorer. Once you reach the path, delete the affected file.
- Press "Windows + R" to open the Run dialog, then type
%temp%without quotes, and press Enter. Delete all the contents of this temporary files folder. Deleting them will not affect the functioning of Windows, but it may affect some applications that use temporary storage for documents and files. Therefore, make sure you do not have any files pending editing in your programs. - Delete the following contents from the Windows Defender paths:
- C:\ProgramData\Microsoft\Windows Defender (Delete the quarantine folder).
- C:\ProgramData\Microsoft\Windows Defender\Scans\History (Delete the Results folder).
- C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service (Delete all the contents of this path).
- Finally, restart your PC to return to normal Windows mode, then open CMD as an administrator and execute the following command:
ipconfig /flushdns
This should be sufficient to remove the traces of this PUA. Let me know if the information shared has been helpful. Regards.
