PUA.Win32.AmmyyAdmin is a potentially unwanted program that may install other threats when run into the computer. This is a name given by an antivirus program to identify computer threats that are linked to unwanted programs, which are software that intends to implicate changes on the computer or browser without asking for the user’s approval. In this case, PUA.Win32.AmmyyAdmin may install other adware, toolbars, browser redirects, and hijacks of the home page of the affected browser.

The detection often relates to programs that may exploit or use the Ammyy Admin application in order for attackers to control the infected computer. The software may have been made available as free remote desktop software, hence, cyber criminals are abusing this product to perform malicious actions on the compromised computer.

Illustration for PUA.Win32.AmmyyAdmin

How does it infect the computer?

PUA.Win32.AmmyyAdmin files and codes can be acquired by users from a range of sources. Malicious links, spam email messages, or peer-to-peer connections can lead to the infection. It may also be dropped onto your PC by threats like Trojans, viruses, or malware.

Normally, PUA.Win32.AmmyyAdmin is bundled to another program that web users frequently downloads from the web. It can be media players, utilities, creativity tools, internet speed boosters, VPN apps, and so on. In some instances, web users may accidentally load PUA.Win32.AmmyyAdmin when they download and run a supposed software update for Google Chrome or Adobe programs.

How does this malware operate?

When PUA.Win32.AmmyyAdmin is present on the computer, it will make various changes. In particular, these potentially unwanted programs target Internet browsers like Google Chrome, Microsoft Edge,, and Mozilla Firefox. Changes will be carried out by PUA.Win32.AmmyyAdmin by adding an add-on, extension, or plug-in. This may result in the integration of a toolbar or an unknown search engine.

Once fully operational on the computer, PUA.Win32.AmmyyAdmin sends a notice to the remote attacker about the active remote desktop connection. Attackers now have full access to the infected computer and can do harmful things through its remote access privilege.


Aside from the mentioned changes on the PC, PUA.Win32.AmmyyAdmin installs files and folders. It can also make registry changes to load itself during Windows start-up. In addition, computer users may see frequent warnings and alerts coming from the security software that detects the presence of the threat.

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *