AIT:Trojan.Nymeria.2881 (B) removal instruction

AIT:Trojan.Nymeria.2881 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.2881 (B) virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify AIT:Trojan.Nymeria.2881 (B)?


File Info:

name: C77248BDB244A14B5A34.mlw
path: /opt/CAPEv2/storage/binaries/cf5e405a8dfddafb634a8f32a946965073b9d002adf1d9a2948232ccd024e764
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-12-31 00:38:38

Version Info:

CompanyName: Mole
FileDescription: Smartversion patch
FileVersion: 1.6.0.0
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2012 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: December 30, 2012
ProductName: 7-Zip SFX
ProductVersion: 1.6.0.2712
Translation: 0x0000 0x04b0

AIT:Trojan.Nymeria.2881 (B) also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: AIT:Trojan.Nymeria.2881
FireEye: AIT:Trojan.Nymeria.2881
Cybereason: malicious.db244a
BitDefender: AIT:Trojan.Nymeria.2881
Emsisoft: AIT:Trojan.Nymeria.2881 (B)
VIPRE: AIT:Trojan.Nymeria.2881
GData: AIT:Trojan.Nymeria.2881 (3x)
MAX: malware (ai score=84)
Arcabit: AIT:Trojan.Nymeria.DB41 [many]
ALYac: AIT:Trojan.Nymeria.2881
Malwarebytes: DarkComet.Backdoor.Dropper.DDS
CrowdStrike: win/malicious_confidence_60% (D)

How to remove AIT:Trojan.Nymeria.2881 (B)?

AIT:Trojan.Nymeria.2881 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
