AIT:Trojan.Nymeria.4096 removal tips

AIT:Trojan.Nymeria.4096 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.4096 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the NanoCore malware family
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify AIT:Trojan.Nymeria.4096?

File Info:

name: 8BE4E38EECFAFEF6C152.mlw
path: /opt/CAPEv2/storage/binaries/a5515c8cd3f9b1d681b547f57638063c146f94c25b203d2ed8474af7d333ca84
crc32: B91FA304
md5: 8be4e38eecfafef6c152786a438dabc3
sha1: 016a95a7646dea9b4c70dcaa619b445b25b4a54b
sha256: a5515c8cd3f9b1d681b547f57638063c146f94c25b203d2ed8474af7d333ca84
sha512: e347422c481e5818214ffcd9f3d06e0d8b93c6cc84609f4eb3d3252ad60908ff681b757be7c4a3d92df716e23a78006653f9d8166ee9643a5b4aeea3ca1443e2
ssdeep: 24576:xthEVaPqLB/OXA8faoMTRpyiVthEVaPqLB/OXA8faoMTRpyiZ:pEVUcwkB3V9EVUcwkB3VZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T166851286A98DD440D89C3ABAAF00E8F543A12CD2DA6C653F71D67E1736FB3D201DD990
sha3_384: 45d22e9a67c49992ad3e00f5b9d9a089a5fe167530bdaccd14e1d678ade5ee64dea5ffba6ec837b66e57bfe8c1e44fcd
ep_bytes: 60be00104a008dbe0000f6ff57eb0b90
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

AIT:Trojan.Nymeria.4096 is also known by the following vendor detection names:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.Bladabindi.1056
MicroWorld-eScan: AIT:Trojan.Nymeria.4096
FireEye: Generic.mg.8be4e38eecfafef6
ALYac: AIT:Trojan.Nymeria.4096
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 0055e3991 )
K7GW: Trojan ( 0055e3991 )
CrowdStrike: win/malicious_confidence_70% (W)
BitDefenderTheta: AI:Packer.BEE3027916
VirIT: Trojan.Win32.MulDrp.ANUD
Symantec: Trojan.Gen.MBT
ESET-NOD32: multiple detections
Kaspersky: Trojan.Win32.Reconyc.ebaf
BitDefender: AIT:Trojan.Nymeria.4096
NANO-Antivirus: Trojan.Text.Autoit.duieeb
Avast: AutoIt:MalOb-HJ [Trj]
Tencent: Win32.Trojan.Reconyc.Efbg
Emsisoft: AIT:Trojan.Nymeria.4096 (B)
Zillya: Trojan.Reconyc.Win32.9350
McAfee-GW-Edition: BehavesLike.Win32.Spyware.tc
Sophos: Troj/AutoIt-AXU
Ikarus: Trojan.Win32.Malagent
Jiangmin: Trojan/Inject.axkr
Avira: DR/AutoIt.Gen2
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASBOL.C6A4
Microsoft: Trojan:Win32/Skeeyah.A!rfn
GData: AIT:Trojan.Nymeria.4096 (4x)
Cynet: Malicious (score: 100)
McAfee: Artemis!8BE4E38EECFA
Cylance: Unsafe
APEX: Malicious
Rising: Dropper.Script.VBS.ExeDropper.a (CLASSIC)
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Autoit.BUP!tr
AVG: AutoIt:MalOb-HJ [Trj]
Cybereason: malicious.eecfaf

How to remove AIT:Trojan.Nymeria.4096?

AIT:Trojan.Nymeria.4096 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.