AIT:Trojan.Nymeria.639 removal guide

AIT:Trojan.Nymeria.639 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.639 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:


How to identify AIT:Trojan.Nymeria.639?

File Info:

crc32: 5C119C60
md5: 84c8d8af2838042545565caad48b0f0e
name: 84C8D8AF2838042545565CAAD48B0F0E.mlw
sha1: 05f6123b2bdb5e2abb359a4bec5176167ac85b5c
sha256: 98adb604e8183f856dc965076f14036f2a27991c00299998d58aed52ddf10baf
sha512: 38c72488614ecb790ab98679a11d736c890cbc1568a34b049b9becf2b0272d6ac342078c9d8421d887447659ada4f91efba63b351ac81ddf4923bd012bf87f14
ssdeep: 98304:02cPK8IHO0jQ+ZtVEoylwDCq1vOHdDZGw550o4:vCKFu0sQUkCq1GHBb5uo
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0

AIT:Trojan.Nymeria.639 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader22.9658
ClamAV: Win.Malware.Zusy-9883820-0
CAT-QuickHeal: W32.Delf.NB4
ALYac: Dropped:Trojan.GenericKD.37940051
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_60% (W)
Cybereason: malicious.f28380
Cyren: W32/AutoIt.VI.gen!Eldorado
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:MiscX-gen [PUP]
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.DarkKomet.hqxy
BitDefender: AIT:Trojan.Nymeria.639
NANO-Antivirus: Trojan.Win32.DarkKomet.fazbwq
MicroWorld-eScan: AIT:Trojan.Nymeria.639
Tencent: Win32.Backdoor.Darkkomet.Ebqu
Ad-Aware: AIT:Trojan.Nymeria.639
Sophos: Generic ML PUA (PUA)
F-Secure: Malware.W2000M/Dldr.Agent.17651006
BitDefenderTheta: AI:Packer.3E54863916
TrendMicro: TROJ_GEN.R002C0PGM21
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.wc
FireEye: Generic.mg.84c8d8af28380425
Emsisoft: AIT:Trojan.Nymeria.639 (B)
Avira: TR/Injector.mcfif
Antiy-AVL: Trojan[Downloader]/Script.AGeneric
Microsoft: Worm:Win32/AutoRun!atmn
Arcabit: Trojan.Generic.D242EB53
ZoneAlarm: Backdoor.Win32.DarkKomet.hqxy
GData: Dropped:Trojan.GenericKD.37940051 (2x)
AhnLab-V3: Unwanted/Win.GameTool.R426467
McAfee: Artemis!84C8D8AF2838
MAX: malware (ai score=81)
Malwarebytes: Backdoor.Bladabindi
TrendMicro-HouseCall: TROJ_GEN.R002C0PGM21
Rising: Virus.Synaptics!1.CC9C (CLASSIC:cmRtazpS3KVHhdxbXH2Bn91Ra4e5)
Ikarus: Trojan-Downloader.VBA.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/GameHack.EPF
AVG: Win32:MiscX-gen [PUP]

How to remove AIT:Trojan.Nymeria.639?

AIT:Trojan.Nymeria.639 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.