How to remove “AutoIt:Injector-FI [Trj]”?

The AutoIt:Injector-FI [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the AutoIt:Injector-FI [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify AutoIt:Injector-FI [Trj]?

File Info:

name: A9D0B0D431BD401A84F7.mlw
path: /opt/CAPEv2/storage/binaries/f06282ea8faafdcf77a362d7b4a8d14f197523dcdd72616f2be3a2c4da522c88
crc32: 4F7C384F
md5: a9d0b0d431bd401a84f79b3695b6457f
sha1: 0a2bf3253b743ebb80e3d9c4f4f5554bdcfa8fb3
sha256: f06282ea8faafdcf77a362d7b4a8d14f197523dcdd72616f2be3a2c4da522c88
sha512: a797a032414f6cf4ee573653d3c86b2c81dcf970bdef1164ee4e0d7882caef862dd4c4ea31ef5718f70a51852bd9cb7ad12f2d4aca6211341150ba326bd0d733
ssdeep: 24576:wRmJkcoQricOIQxiZY1iaEPTQHXkfawFO3Qp:FJZoQrbTFZY1iaEP8WaJa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10925D022F5D69036C2B327B19E7EF769963D79360336D29723C839315EB04416B2A723
sha3_384: d11b6632f3e6b7c2e761ae840d41f3dd091b3c7f7eff0a93c2cead19d7b13653a8fc639710b99c382353a0ee957adef2
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

AutoIt:Injector-FI [Trj] also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: AIT:Trojan.Autoit.CNI
FireEye: AIT:Trojan.Autoit.CNI
McAfee: Artemis!A9D0B0D431BD
Cylance: Unsafe
Zillya: Trojan.Llac.Win32.47388
Sangfor: Trojan.Win32.Generic.frgo
K7AntiVirus: Trojan ( 700000111 )
K7GW: Trojan ( 700000111 )
Cybereason: malicious.431bd4
Symantec: SecurityRisk.gen1
ESET-NOD32: multiple detections
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Yakes.dgof
BitDefender: AIT:Trojan.Autoit.CNI
NANO-Antivirus: Trojan.Win32.Yakes.cimhbm
Avast: AutoIt:Injector-FI [Trj]
Tencent: Win32.Trojan.Yakes.Lpuu
Ad-Aware: AIT:Trojan.Autoit.CNI
TACHYON: Trojan/W32.Yakes.1020690
Emsisoft: AIT:Trojan.Autoit.CNI (B)
Comodo: Malware@#ohncqf7uy8ph
DrWeb: Trojan.Packed.26712
VIPRE: AIT:Trojan.Autoit.CNI
McAfee-GW-Edition: BehavesLike.Win32.PUP.dc
Trapmine: suspicious.low.ml.score
GData: AIT:Trojan.Autoit.CNI (2x)
Avira: HEUR/AGEN.1229405
Antiy-AVL: Trojan/Generic.ASBOL.C6D6
Kingsoft: Win32.Troj.Yakes.dg.(kcloud)
SUPERAntiSpyware: Trojan.Agent/Gen-GalPic
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
BitDefenderTheta: AI:Packer.CF65E5A615
ALYac: AIT:Trojan.Autoit.CNI
MAX: malware (ai score=84)
VBA32: Trojan.Autoit.Injcrypt
Ikarus: Trojan.Win32.Yakes
MaxSecure: Trojan.Autoit.AZA
Fortinet: W32/Autoit.ACL!tr
AVG: AutoIt:Injector-FI [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove AutoIt:Injector-FI [Trj]?

AutoIt:Injector-FI [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.