PUP.Astromenda Removal Report

Table of Contents

Aliases

14 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Generic36.AFHE
Antiy-AVL	GrayWare[AdWare:not-a-virus]/Win32.Agent
Sophos	Troj/Agent-AJJO
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fh
TrendMicro	ADW_STARTPAGE
Comodo	ApplicUnwnt
Kaspersky	not-a-virus:AdWare.Win32.Agent.gpgg
Symantec	Adware.DealPly
McAfee	Artemis!6C83D6FDCE5C
CAT-QuickHeal	AdWare.Agent.r6 (Not a Virus)
AVG	Generic_s.DM
DrWeb	Adware.Downware.8492
Avast	Win32:Dropper-gen [Drp]
Symantec	Trojan Horse

SpyHunter Detects & Remove PUP.Astromenda

File System Details

PUP.Astromenda may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	brs.exe	6c83d6fdce5ca49634988b96f788feec	18,295
Name: brs.exe MD5: 6c83d6fdce5ca49634988b96f788feec Size: 1.04 MB (1043968 bytes) Detections: 18,295 Type: Executable File Path: C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe Group: Malware file Last Updated: May 17, 2024
2.	Astroupdate.exe	08b32f1bd56854dcecdfbd7a5ac180a0	15,173
Name: Astroupdate.exe MD5: 08b32f1bd56854dcecdfbd7a5ac180a0 Size: 478.2 KB (478208 bytes) Detections: 15,173 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\Astroupdate.exe Group: Malware file Last Updated: February 8, 2025
3.	trz41FE.tmp	6717478dcc4540f51fd8d760a7008e22	5,725
Name: trz41FE.tmp MD5: 6717478dcc4540f51fd8d760a7008e22 Size: 1.17 MB (1173504 bytes) Detections: 5,725 Type: Temporary File Path: C:\Program Files\WSE_Astromenda\BRS\trz41FE.tmp Group: Malware file Last Updated: September 9, 2022
4.	astromendaGames.exe	b16a123f0e6b3f0916830d7cbe51d553	2,921
Name: astromendaGames.exe MD5: b16a123f0e6b3f0916830d7cbe51d553 Size: 41.4 MB (41402880 bytes) Detections: 2,921 Type: Executable File Path: %APPDATA%\Astromenda games Group: Malware file Last Updated: July 23, 2022
5.	astromenda (2).exe	66f739f9a09f49164e1b99023884298a	1,640
Name: astromenda (2).exe MD5: 66f739f9a09f49164e1b99023884298a Size: 750.08 KB (750080 bytes) Detections: 1,640 Type: Executable File Path: D:\Backup\samsung\AppData\Local\Astromenda\Application\astromenda (2).exe Group: Malware file Last Updated: July 14, 2021
6.	AstromendaKMS.exe	932cadbd8717ad923c09d0664a8d715b	1,377
Name: AstromendaKMS.exe MD5: 932cadbd8717ad923c09d0664a8d715b Size: 470.24 KB (470240 bytes) Detections: 1,377 Type: Executable File Path: %LOCALAPPDATA%\AstromendaKMS\AstromendaKMS\1.3.11.0 Group: Malware file Last Updated: October 17, 2020
7.	trz6BEC.tmp	4427c4a01474d6b0e3b21091cde22eaa	1,177
Name: trz6BEC.tmp MD5: 4427c4a01474d6b0e3b21091cde22eaa Size: 240.12 KB (240128 bytes) Detections: 1,177 Type: Temporary File Path: C:\Users\<username>\AppData\Roaming\Astromenda\UpdateProc\trz6BEC.tmp Group: Malware file Last Updated: March 5, 2022
8.	uninstall.exe	440985006caecff06871e278a2f03bfe	53
Name: uninstall.exe MD5: 440985006caecff06871e278a2f03bfe Size: 713.72 KB (713728 bytes) Detections: 53 Type: Executable File Path: C:\Program Files (x86)\Astromenda\uninstall.exe Group: Malware file Last Updated: February 26, 2023
9.	bkup.dat	d99b3faa579c71391318c52462c3f21f	26
Name: bkup.dat MD5: d99b3faa579c71391318c52462c3f21f Size: 16.9 KB (16901 bytes) Detections: 26 Type: Data file Path: %APPDATA%\WSE_Astromenda\UpdateProc Group: Malware file Last Updated: July 7, 2017
10.	astromenda.exe	fc9848343f72d1c75af6e601e3d35986	13
Name: astromenda.exe MD5: fc9848343f72d1c75af6e601e3d35986 Size: 749.56 KB (749568 bytes) Detections: 13 Type: Executable File Path: %LOCALAPPDATA%\Astromenda\Application Group: Malware file Last Updated: March 26, 2016

More files

Registry Details

PUP.Astromenda may create the following registry entry or registry entries:

File name without path

Astromenda.lnk

Regexp file mask

%LOCALAPPDATA%\Astromenda\Application\astromenda.exe

%WinDir%\System32\Tasks\Astromenda

%WINDIR%\System32\Tasks\WSE_Astromenda

%windir%\Tasks\Astromenda.job

%WINDIR%\Tasks\WSE_Astromenda.job

HKEY..\..\..\..{RegistryKeys}

Software\astromenda

Software\Astromenda Browser

SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

SOFTWARE\Classes\Wow6432Node\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WSE_Astromenda.job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WSE_Astromenda.job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Astromenda

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\astromenda.exe

Software\Microsoft\Windows\CurrentVersion\RunOnce\Astromenda

Software\Microsoft\Windows\CurrentVersion\RunOnce\WSE_Astromenda

SOFTWARE\Wow6432Node\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\astromenda.exe

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\astromenda.exe

Software\WSE_Astromenda

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Astromenda

WSE_Astromenda

Directories

PUP.Astromenda may create the following directory or directories:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Astromenda

%APPDATA%\WSE_Astromenda

%AppData%\Astromenda

%LOCALAPPDATA%\Astromenda

%LOCALAPPDATA%\AstromendaKMS

%PROGRAMFILES%\Astromenda

%PROGRAMFILES%\WSE_ASTROMENDA

%PROGRAMFILES(x86)%\Astromenda

%PROGRAMFILES(x86)%\WSE_ASTROMENDA

%UserProfile%\Local Settings\Application Data\Astromenda

URLs

PUP.Astromenda may call the following URLs:

Astromenda Search Addon

astromenda.com

Ranking:	642
Threat Level:	10 % (Normal)
Infected Computers:	151,007

First Seen:	July 29, 2014
Last Seen:	February 9, 2025
OS(es) Affected:	Windows

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Astromenda

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove PUP.Astromenda

File System Details

Registry Details

Directories

URLs

Submit Comment

Trending

Sign-in Attempt Was Blocked Email Scam

Trojan:Win32/Amadey!rfn

IMAP/POP Certificate Validation Email Scam

Most Viewed

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error