AIT:Trojan.Nymeria.610 removal

AIT:Trojan.Nymeria.610 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.610 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • HTTPS URLs observed in behavior
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a file
  • Attempts to modify proxy settings
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Modifies Image File Execution Options, indicative of process injection or persistence
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Uses suspicious command line tools or Windows utilities

How to identify AIT:Trojan.Nymeria.610?

File Info:

name: 71B88698DA28E9DB3CE8.mlw
path: /opt/CAPEv2/storage/binaries/3735423bdef367487850a09cdef07e2877bbe34885bbc5dba74eb11733a3efd9
crc32: 93C697C6
md5: 71b88698da28e9db3ce856fee12d7c40
sha1: 3821c0850fa91af52ce356fbd671f241d57b6daa
sha256: 3735423bdef367487850a09cdef07e2877bbe34885bbc5dba74eb11733a3efd9
sha512: e328c1be73c483cc7e96eaa834151d06c58f56b1c35f586386522a64030f05941006bdca5d5a5293c9d36aa8b1e6fa69ff25f57833b9d7b3065e71201eb648f7
ssdeep: 12288:AhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aelD1pslHOMsERNtWJBuk+:IRmJkcoQricOIQxiZY1iauSOsRlkat
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13205AE11F5C58076D1A226B09E7AF766A73A6E360326D19B33C43D333E714C25A39B63
sha3_384: e4a0e3d262c8e8d707e7d11f3febabc72864688bb74e5d372458a6dc4fdc2a6f61070a7aacfd7af8a3dc24e87ee48d95
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

AIT:Trojan.Nymeria.610 is also known by the following vendor detection names:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Worm.Win32.Ngrbot.o!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: AIT:Trojan.Nymeria.610
  • CAT-QuickHeal: TrojanPWS.Zbot.AutoIt.OB
  • ALYac: AIT:Trojan.Nymeria.610
  • Cylance: Unsafe
  • Zillya: Worm.Ngrbot.Win32.7147
  • K7AntiVirus: Trojan ( 700000111 )
  • Alibaba: Worm:Win32/Ngrbot.fdb5cdc4
  • K7GW: Trojan ( 700000111 )
  • Cybereason: malicious.8da28e
  • VirIT: Trojan.Win32.DownLoader14.DCFQ
  • Cyren: W32/AutoIt.AQ2.gen!Eldorado
  • ESET-NOD32: a variant of Win32/Injector.Autoit.BOI
  • APEX: Malicious
  • Kaspersky: Worm.Win32.Ngrbot.aruj
  • BitDefender: AIT:Trojan.Nymeria.610
  • NANO-Antivirus: Trojan.Win32.Autoit.duauzk
  • Avast: Win32:Malware-gen
  • Tencent: Win32.Worm.Ngrbot.Fdhl
  • Ad-Aware: AIT:Trojan.Nymeria.610
  • Emsisoft: AIT:Trojan.Nymeria.610 (B)
  • F-Secure: Trojan.TR/Dropper.Gen
  • DrWeb: Trojan.DownLoader14.54226
  • VIPRE: AIT:Trojan.Nymeria.610
  • TrendMicro: TROJ_GEN.R034E02JF15
  • McAfee-GW-Edition: BehavesLike.Win32.Ransomware.ch
  • Trapmine: malicious.moderate.ml.score
  • FireEye: Generic.mg.71b88698da28e9db
  • Sophos: Mal/Generic-R + Troj/AutoIt-BCK
  • GData: AIT:Trojan.Nymeria.610 (2x)
  • Google: Detected
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=99)
  • Antiy-AVL: Trojan/Win32.AutoRun.inf
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • Arcabit: AIT:Trojan.Nymeria.610
  • ZoneAlarm: Worm.Win32.Ngrbot.aruj
  • Microsoft: Trojan:Win32/Skeeyah.A!rfn
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Agent.R154467
  • Acronis: suspicious
  • McAfee: Artemis!71B88698DA28
  • VBA32: Trojan.Autoit.Injcrypt
  • TrendMicro-HouseCall: TROJ_GEN.R034E02JF15
  • Ikarus: Trojan.Win32.Injector
  • Fortinet: W32/Autoit.BLL!tr
  • BitDefenderTheta: AI:Packer.75BE5C1F16
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove AIT:Trojan.Nymeria.610?

AIT:Trojan.Nymeria.610 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.