AIT:Trojan.Nymeria.2192 removal tips

AIT:Trojan.Nymeria.2192 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.2192 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server

How to identify AIT:Trojan.Nymeria.2192?


File Info:

name: F4FCFF042255C0E0D28E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-11-29 05:30:56

Version Info:

FileVersion: 0.9.125
Comments: https://ebobotik.net/
FileDescription: Ebobotik for Lineage 2 Revolution
ProductName: Ebobotik L2R
ProductVersion: 0.9.125
CompanyName: Ebobotik.net
LegalCopyright: © 2021 Ebobotik.net
LegalTradeMarks: Ebobotik
Translation: 0x0419 0x04b0

AIT:Trojan.Nymeria.2192 also known as:

MicroWorld-eScan: AIT:Trojan.Nymeria.2192
FireEye: AIT:Trojan.Nymeria.2192
McAfee: Artemis!F4FCFF042255
Cybereason: malicious.42255c
Paloalto: generic.ml
BitDefender: AIT:Trojan.Nymeria.2192
Ad-Aware: AIT:Trojan.Nymeria.2192
McAfee-GW-Edition: Artemis
Emsisoft: AIT:Trojan.Nymeria.2192 (B)
GData: AIT:Trojan.Nymeria.2192
eGambit: Unsafe.AI_Score_90%
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
BitDefenderTheta: AI:Packer.1B0ACE3717
ALYac: AIT:Trojan.Nymeria.2192
MAX: malware (ai score=80)
TrendMicro-HouseCall: TROJ_GEN.R002H09KT21
Fortinet: Malicious_Behavior.SB

How to remove AIT:Trojan.Nymeria.2192?

AIT:Trojan.Nymeria.2192 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
