AIT:Trojan.GenericTKA.255 (B) removal tips

AIT:Trojan.GenericTKA.255 (B) is flagged as malicious by most of the antivirus engines listed below. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version performs a full scan and cleans your PC.
6-day free trial available.

What can AIT:Trojan.GenericTKA.255 (B) do?

The indicators below come from the CAPE sandbox analysis of the sample (static and behavioural signatures):

  • Sample contains overlay data (bytes appended after the last PE section)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Unconventional binary language: Polish
  • Unconventional language used in binary resources: Polish
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX (the entry-point bytes in File Info below are the UPX unpacking stub)
  • Authenticode signature is invalid

How to identify AIT:Trojan.GenericTKA.255 (B)?

File Info:

name: 76A988F7FFE9F7B6360D.mlw
path: /opt/CAPEv2/storage/binaries/9194781a17e2877382cf37df0abdecad409d38742ffe3b8bf3a0d838fbe5cd8e
crc32: D1C5B3E7
md5: 76a988f7ffe9f7b6360d2eb6140bba97
sha1: 0a3d16d2393832ac7fd36e06aee32344c801e9cc
sha256: 9194781a17e2877382cf37df0abdecad409d38742ffe3b8bf3a0d838fbe5cd8e
sha512: 85ea7a19b9baafb7e2d026719b7165579f07ca2f8329e1472915ed04dbe63e16944c91df0bf9f5bcebaae7ef55da7c558340b015bf92f1a7c7fbe566f71dca4b
ssdeep: 12288:ljkArEN249AyE/rbaMct4bO2/Vv8RPyRieHtDp0t44MnLqcK2dFfa:6FE//Tct4bOsqRPyR7F0t44MnLqcKexa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17ED42281225E8E81D37A0E7F24C1DA5A06AABCD9C145AF2FE0F0FD23353529395F6746
sha3_384: 2429b471b935b14a7b8cfda07a4fbe1d34525ac60c263cf227ce23a4bc14d8523af4a7c8860d7978bf15ceaa89c5dee0
ep_bytes: 60be005047008dbe00c0f8ff57eb0b90
timestamp: 2010-04-16 07:47:33
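
As an added example (not the page's, GridinSoft's or CAPE's own code), the following standard-library Python script checks a file for the static indicators listed above and in the File Info block: it hashes the file for comparison with the published sha256, walks the PE header for UPX or otherwise non-standard section names, compares the bytes at the entry point against the prologue shared by UPX PE32 stubs (pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi), reports whether a Security data directory (the Authenticode blob) exists, and measures overlay. The `build_synthetic_pe` helper constructs a minimal unsigned UPX-style PE around the page's ep_bytes so the script runs without the real sample; the list of "standard" section names and the UTC reading of the timestamp are assumptions.

```python
# Added example: static PE32 triage for the indicators on this page. Standard library only.
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the File Info block above.
KNOWN_SHA256 = "9194781a17e2877382cf37df0abdecad409d38742ffe3b8bf3a0d838fbe5cd8e"
PAGE_EP_BYTES = "60be005047008dbe00c0f8ff57eb0b90"

# Prologue shared by UPX PE32 stubs: pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi.
# None is a wildcard byte (the immediates differ per binary).
UPX_EP_PROLOGUE = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None, None, 0x57]
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Assumption: names a compiler/linker normally emits; anything else is reported as unknown.
STANDARD_SECTION_NAMES = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                          b".reloc", b".bss", b".tls", b".pdata", b".CRT", b".debug"}


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header walk: COFF header, optional header, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 = IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode); PE32 directories start at opt+96.
    security_dir = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "security_dir": security_dir, "sections": sections}


def rva_to_offset(sections: list, rva: int):
    """Map an RVA to a file offset through the section that contains it (None if unmapped)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    return None


def matches_upx_prologue(ep: bytes) -> bool:
    if len(ep) < len(UPX_EP_PROLOGUE):
        return False
    return all(exp is None or exp == got for exp, got in zip(UPX_EP_PROLOGUE, ep))


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    ep_off = rva_to_offset(pe["sections"], pe["entry_rva"])
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    end_of_sections = max((s["rawptr"] + s["rawsize"] for s in pe["sections"]), default=0)
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "known_sample": sha256 == KNOWN_SHA256,
        "timestamp": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "section_names": [n.decode("latin-1") for n in names],
        "unknown_section_names": [n.decode("latin-1") for n in names if n not in STANDARD_SECTION_NAMES],
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "ep_bytes": ep_bytes.hex(),
        "upx_entry_stub": matches_upx_prologue(ep_bytes),
        "has_authenticode": pe["security_dir"] != (0, 0),
        "overlay_bytes": max(len(data) - end_of_sections, 0),
    }


def build_synthetic_pe(ep_bytes: bytes, overlay: bytes = b"") -> bytes:
    """Constructed test input, not the real sample: a minimal unsigned PE32 laid out like UPX output
    (UPX0 with no raw data, UPX1 holding the entry stub), compile time taken from the page (assumed UTC)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    ts = int(datetime(2010, 4, 16, 7, 47, 33, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x014C, 2, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x11010)          # AddressOfEntryPoint, 0x10 bytes into UPX1
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x12000, 0x200)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes; all directories zero, so unsigned
    sect = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x10000, 0x1000, 0, 0x200, 0, 0, 0, 0, 0xE0000080)
    sect += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x11000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    upx1 = bytearray(0x200)
    upx1[0x10:0x10 + len(ep_bytes)] = ep_bytes
    return headers + bytes(upx1) + overlay


def demo_report() -> dict:
    """Triage of the constructed sample with a 16-byte constructed overlay appended."""
    return triage(build_synthetic_pe(bytes.fromhex(PAGE_EP_BYTES), overlay=b"\0" * 16))


if __name__ == "__main__":
    import sys
    report = triage(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else demo_report()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <file>` against a suspect binary; with no argument it triages the constructed sample, where the UPX section names, the UPX entry prologue, the missing Security directory and the overlay all fire while the hash comparison correctly reports that it is not the sample from this page. A hash match is the only check that identifies this exact file; the other indicators describe any UPX-packed, unsigned binary and are triage hints, not a verdict.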

Version Info:

FileVersion: 99.99.22.5
Comments: y5@p
FileDescription: >S3+KL!U@)
Translation: 0x0415 0x04b0 (language ID 0x0415 is Polish and code page 0x04b0 is 1200, Unicode; this resource field is the source of the "Polish" language indicators above)

AIT:Trojan.GenericTKA.255 (B) is also known by the following vendor names (most classify the sample as a packed AutoIt worm):

MicroWorld-eScan: AIT:Trojan.GenericTKA.255
ClamAV: Win.Trojan.Autoit-142
FireEye: AIT:Trojan.GenericTKA.255
CAT-QuickHeal: Worm.AutoIt.Renocide.C
ALYac: AIT:Trojan.GenericTKA.255
Cylance: Unsafe
VIPRE: AIT:Trojan.GenericTKA.255
Cybereason: malicious.7ffe9f
Symantec: W32.Harakit
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Packed.Autoit.C.Gen suspicious
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: AIT:Trojan.GenericTKA.255
SUPERAntiSpyware: Trojan.Agent/Gen-PlusX
Avast: Win32:Rootkit-gen [Rtk]
Ad-Aware: AIT:Trojan.GenericTKA.255
Emsisoft: AIT:Trojan.GenericTKA.255 (B)
Comodo: Malware@#3pxpdi5j59i4l
Zillya: Worm.Autoit.Win32.2467
McAfee-GW-Edition: BehavesLike.Win32.Injector.jc
GData: AIT:Trojan.GenericTKA.255 (3x)
Webroot: W32.Worm.Autoit
Avira: DR/AutoIt.Gen
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASCommon.168
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
McAfee: Artemis!76A988F7FFE9
VBA32: Trojan.Autoit.F
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Obfus/Autoit!1.BEDE (CLASSIC)
Yandex: Worm.Autoit.Gen
Ikarus: Virus.Packed.AutoIt
Fortinet: W32/Tifaut.C!worm
BitDefenderTheta: AI:Packer.ADE5CE5E18
AVG: Win32:Rootkit-gen [Rtk]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove AIT:Trojan.GenericTKA.255 (B)?

AIT:Trojan.GenericTKA.255 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine“ for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
