Jatif.1254 removal tips

The Jatif.1254 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Jatif.1254 virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Presents an Authenticode digital signature
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Queries information on disks for anti-virtualization via Device Information APIs
Sniffs keystrokes
Installs itself for autorun at Windows startup
Creates a copy of itself
Creates a slightly modified copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

monsteradds.at

resolver1.opendns.com

myip.opendns.com

fileservers.at

How to determine Jatif.1254?


File Info:
crc32: 9B889C47
md5: 1ff12aab13045315d34d8d1cb835b262
name: 1FF12AAB13045315D34D8D1CB835B262.mlw
sha1: 5fb4c7b270e9ef6ce701963a676a5e36cecc2bcf
sha256: cc8b0fbfce10364d69a8ac6cec01d52bfcf4b45803349bf510d5bf2db63a1ece
sha512: c441dabd6b6e36998489c1b88bbb5f0f4b42c4d27154e562e44508dd756d1d7abfe73e4ddbd425ad76e9a9e190cee6bc14be9a9eec268aceb74520b7df4a5126
ssdeep: 12288:93wEkWbk7iA+TQqZnXoS0a2TsWLvj9VR3paeq:no7ij0EXP2AOvj+v
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright 2015 SyncDriver
CompanyName: SyncDriver
FileDescription: Raises Upgradewhen Digest Southern
ProductName: Lotus
ProductVersion: 9.6.5.8
PrivateBuild: 9.6.5.8
Translation: 0x0409 0x04b0

Jatif.1254 also known as:

K7AntiVirus	Spyware ( 00505c591 )
Lionic	Trojan.Win32.Foreign.j!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Gozi.85
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MauvaiseRI.S5247343
ALYac	Gen:Variant.Jatif.1254
Cylance	Unsafe
Zillya	Trojan.Foreign.Win32.55921
Sangfor	Ransom.Win32.Foreign.nlqr
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Foreign.89f91394
K7GW	Spyware ( 00505c591 )
Cybereason	malicious.b13045
Symantec	Trojan Horse
ESET-NOD32	Win32/Spy.Ursnif.AO
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Kaspersky	Trojan-Ransom.Win32.Foreign.nlqr
BitDefender	Gen:Variant.Jatif.1254
NANO-Antivirus	Trojan.Win32.AD.enazcp
MicroWorld-eScan	Gen:Variant.Jatif.1254
Tencent	Malware.Win32.Gencirc.114aac1a
Ad-Aware	Gen:Variant.Jatif.1254
Sophos	Mal/Generic-S
Comodo	Malware@#5nzjtskzzm42
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_Foreign.R002C0ODP21
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.1ff12aab13045315
Emsisoft	Gen:Variant.Jatif.1254 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Foreign.cim
Webroot	W32.Trojan.Gen
Avira	TR/AD.UrsnifDropper.ledfe
Antiy-AVL	Trojan/Generic.ASMalwS.1F5B99D
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Glupteba!ml
Arcabit	Trojan.Jatif.D4E6
GData	Gen:Variant.Jatif.1254
AhnLab-V3	Trojan/Win32.Foreign.C1958986
McAfee	Artemis!1FF12AAB1304
MAX	malware (ai score=100)
VBA32	Hoax.Foreign
Panda	Trj/Agent.AAJ
TrendMicro-HouseCall	Ransom_Foreign.R002C0ODP21
Rising	Trojan.Generic@ML.86 (RDML:t+YHps05tLXp5JHiwd+OLg)
Yandex	Trojan.Foreign!73UnL6x7bsc
Ikarus	Trojan-Ransom.GandCrab
Fortinet	W32/Kryptik.FQUM!tr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Foreign.HgIASQwA

How to remove Jatif.1254?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.