How to remove "Downloader.YXdown"?

The Downloader.YXdown is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Downloader.YXdown virus can do?

A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity contains more than one unique useragent.
Attempts to modify proxy settings
Generates some ICMP traffic

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.pcsoft.jshhdian.com

ggstats.yb.jshhdian.com

eoud.dgygpx.com

www.baidu.com

api.yb.jshhdian.com

poik.dgygpx.com

ymte.sgdebao.com

How to determine Downloader.YXdown?


File Info:
crc32: 72730628
md5: 9e5f22ceb1c8e5901944341207f9d976
name: adobe-photoshop_24_242.exe
sha1: b908fecb705fe37b9df4c047cd8629ec48ecd439
sha256: 75fe0fc5e1cc3988b9a527a418d720cc857496991e9758aed3bcc30b76bb5cf7
sha512: 97a52cffc8eb78baf0b2f92ef78ab70f7eda8bb72019fe898958eed0886265f6585a0bc0a3f66110f3d2ae3a52dfeac6d0b3e7787763c3f991b19a56a13a3979
ssdeep: 98304:7djrfbWvOUlCnJ+I9P0ABLGejAMJ8C2IXDOXqHBQ+RSQnhj1Emq3v05hX6mx3o1+:dCO0E0ABLlJfCQjqX3vU3IrftzU3
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright (C) 2019
FileVersion: 3.0.1.2
ProductName: x6781x901fx4e0bx8f7dx5668
ProductVersion: 3.0.1.2
FileDescription: x6781x901fx4e0bx8f7dx5668
OriginalFilename: Install.exe
Translation: 0x0804 0x03a8

Downloader.YXdown also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Trojan.GenericKD.42284019
FireEye	Generic.mg.9e5f22ceb1c8e590
CAT-QuickHeal	PUA.IgenericRI.S10596407
ALYac	Trojan.GenericKD.42284019
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0050b49d1 )
BitDefender	Trojan.GenericKD.42284019
Cybereason	malicious.b705fe
Arcabit	Trojan.Generic.D28533F3
BitDefenderTheta	Gen:NN.ZexaF.34084.@pLfaqRCqwnj
F-Prot	W32/S-d8efc1c1!Eldorado
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.42284019
Kaspersky	not-a-virus:HEUR:Downloader.Win32.YXdown.pef
Endgame	malicious (moderate confidence)
Emsisoft	Trojan.GenericKD.42284019 (B)
F-Secure	PrivacyRisk.SPR/GameTool.Gen8
Zillya	Tool.YouXun.Win32.803
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
Trapmine	suspicious.low.ml.score
Ikarus	PUA.RiskWare.Youxun
Cyren	W32/S-d8efc1c1!Eldorado
Jiangmin	Downloader.YXdown.bz
Avira	SPR/GameTool.Gen8
MAX	malware (ai score=89)
Microsoft	Trojan:Win32/Wacatac.D!ml
ZoneAlarm	not-a-virus:HEUR:Downloader.Win32.YXdown.pef
AhnLab-V3	Malware/Win32.Generic.C3974891
McAfee	GenericRXAA-AA!9E5F22CEB1C8
VBA32	Downloader.YXdown
Malwarebytes	RiskWare.YouXun
ESET-NOD32	a variant of Win32/RiskWare.YouXun.H
Rising	Adware.Downloader!1.B962 (RDMK:cmRtazqNJNepVcp8MfFXEqb69QTV)
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenericKD.32784984!tr
Ad-Aware	Trojan.GenericKD.42284019
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Virus.Downloader.b00

How to remove Downloader.YXdown?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Downloader.YXdown”?