Johnnie.21605 removal guide

The Johnnie.21605 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Johnnie.21605 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Johnnie.21605?


File Info:
crc32: EAE8A9B2
md5: 9c87a3b6bbb2cb4ab783fc0b0e3cbc04
name: sansprinmoki.exe
sha1: 9ef7273ba5ab1c26f6d1d55be90c56c7dd7685c5
sha256: 87ab1a05cd495a10e7439d1df663d2d15e8456988f9e46b1b3f3baf635fd01e7
sha512: 58b7ce9e60b3b2f97fbeaf141680e2adaa94693145b8a16505340efd465fcc06aa3e934f8cf22cda842d4f70da3057dc11231673d7f18c84b38f11fac389b5c0
ssdeep: 6144:B+kypXDQ/m7iWmqTT9JNP/ua3LEwrOBP0AAKr33ClMvdDhS7VVKB0:BCu/PN8d/UEKrCsoVi0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Johnnie.21605 also known as:

MicroWorld-eScan	Gen:Variant.Johnnie.21605
CAT-QuickHeal	Backdoor.Agent
Qihoo-360	Win32/Backdoor.18b
McAfee	Trojan-FMYP!9C87A3B6BBB2
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 004f03711 )
BitDefender	Gen:Variant.Johnnie.21605
K7GW	Trojan ( 004f03711 )
Cybereason	malicious.6bbb2c
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
GData	Gen:Variant.Johnnie.21605
Kaspersky	Backdoor.Win32.Agent.dovl
Alibaba	Backdoor:Win32/Injector.54401217
NANO-Antivirus	Trojan.Win32.Dwn.edfgcd
ViRobot	Trojan.Win32.Z.Zusy.570880.S
Rising	Backdoor.Agent!8.C5D (CLOUD)
Endgame	malicious (high confidence)
Emsisoft	Gen:Variant.Johnnie.21605 (B)
F-Secure	Heuristic.HEUR/AGEN.1026161
DrWeb	Trojan.DownLoader14.15241
Zillya	Trojan.Injector.Win32.386421
TrendMicro	TROJ_GEN.R002C0PAB20
McAfee-GW-Edition	BehavesLike.Win32.Generic.hh
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.9c87a3b6bbb2cb4a
Sophos	Mal/Kovter-P
Ikarus	Trojan.Win32.Injector
Cyren	W32/Trojan.ABZR-6141
Jiangmin	Backdoor.DarkKomet.ekk
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1026161
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.AGeneric
Arcabit	Trojan.Johnnie.D5465
AegisLab	Trojan.Win32.Agent.m!c
ZoneAlarm	Backdoor.Win32.Agent.dovl
Microsoft	Trojan:Win32/Occamy.C
AhnLab-V3	Backdoor/Win32.Agent.C1980261
Acronis	suspicious
VBA32	Trojan.Fsysna
ALYac	Gen:Variant.Johnnie.21605
Ad-Aware	Gen:Variant.Johnnie.21605
Panda	Trj/GdSda.A
ESET-NOD32	Win32/Injector.CYZQ
TrendMicro-HouseCall	TROJ_GEN.R002C0PAB20
Tencent	Malware.Win32.Gencirc.10b576b9
Yandex	Backdoor.Agent!n8f75petVhE
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Generic.AP.354440!tr
BitDefenderTheta	Gen:NN.ZexaF.34090.IqW@auJy12kO
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_90% (W)
MaxSecure	Trojan.Malware.9660339.susgen

How to remove Johnnie.21605?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Johnnie.21605 removal guide