PUABundler:Win32/MemuPlay is a detection of the MemuPlay program that, when installed, installs numerous unwanted programs without the user’s knowledge. Although the program itself is safe, the bundle it carries may contain dangerous applications. These apps may start spamming the user with advertisements and notifications, or even disrupt system functionality.
MemuPlay uses bundling for monetization purposes, but as security vendors consider that practice dangerous, the program is detected and blocked by the majority of them. Using the emulator itself is safe, and the detection acts as a warning about the installation of the programs the user is not aware about.
PUABundler:Win32/MemuPlay Overview
PUABundler:Win32/MemuPlay is a Windows Defender detection that refers to the MEmu application. MEmu is a legitimate application, an Android emulator for Windows, developed by Chinese developers. It has an official website from which users can download the online installer.
However, despite being safe and legit, the program rightfully bears the title of a potentially unwanted application. This is because its installer is packed with third-party software, and it spawns those apps without any notification. While some third-party programs can be rejected by the user during the installation process, others will be installed anyway, regardless of whether the user wants them or not. Some of these programs are just useless, and some may pose security risks. In any case, the bundleware method they use is unacceptable to the end user.
PUABundler:Win32/MemuPlay Runtime Analysis
I’ve decided to try installing the MEmu emulator and see what’s wrong with it. After I went through the installation and got the real user experience, the issue has become pretty obvious. You can download the MEmu online installer from the official website, but it will still carry a bundle to your system.
During the installation the program shows three windows, two of which offer to install “recommended software”. Among them were Opera and antivirus from RAV; I accepted only the latter. After the installation I’ve got the emulator running, though along with not one, but three new icons in the system tray.
Additional Software
The three applications I’ve mentioned above were RAV VPN, Safer Web, and Endpoint Protection. They are positioned as comprehensive user protection. Considering the information from the official website, all three are paid, without any free option, so it is not clear what the apps on the virtual machine are about. Googling their names reveals that users are not happy about them, mainly due to the spreading method.
These applications start with the system and slow down the internet significantly. Moreover, the bandwidth is noticeably lower even when the VPN disabled, which is unpleasant and somewhat suspicious.
In addition, after installing RAV software, Windows Defender becomes unavailable. Defender is not an ideal solution, though I don’t recommend deactivating it without reason, especially replacing it with a software installed from a bundle. Although this tool found one and neutralized one threat, it ignored several PUAs that were already in the system. Further tests showed that its detection rate is not impressive.
What is the bottom line? I don’t recommend using MEmu emulator. The installer contains too many pitfalls, and can install stuff that it has never mentioned. Also, some tests show that instead of more or less safe apps, you may get something like rogue browsers or adware. All this in total puts a large stain on MEmu’s image.
How To Clean Your System
A reputable anti-malware solution is the most effective way to clean the system. I recommend using GridinSoft Anti-Malware, as it will remove all the unwanted apps in a blink of an eye, and works well with other security tools. It will provide reliable protection for your device and prevent the installation of potentially unwanted programs.