Malware

Johnnie.371678 removal instruction

Malware Removal

The Johnnie.371678 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Johnnie.371678 virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

Related domains:

capitalinvest.ac.ug
ip-api.com

How to determine Johnnie.371678?



File Info:

crc32: 4325D6E5
md5: d2a1f8674158426c2c525e183a90e896
name: D2A1F8674158426C2C525E183A90E896.mlw
sha1: 3c0c0f144c627464bbd81943c74f9f585c813606
sha256: 5952b3d2dfa71c1ce80b7864e760332978d926eec61dc5cecf50c179f9be2753
sha512: c4987081345e8ff7de47592244bd79d3f889a27993d9eaada2ad29dfe51635f88cdd8f12bf269169a6b3670fd0b889de2c5775c7aa5eeb72003259e77814646a
ssdeep: 24576:h0RbSTVKh0Pt8FzrUz9t7mgdjn7453bClK4:h0ELQAvm274Zx
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: (c) 2015 Company  McAfee, Inc.
InternalName: Involves Delayed
FileVersion: 2.4.91.1
CompanyName: McAfee, Inc.
FileDescription: Demn Isrelationshipparturitwo Disadvantage
LegalTrademarks: (c) 2015 Company  McAfee, Inc.
Comments: Demn Isrelationshipparturitwo Disadvantage
ProductName: Involves Delayed
Languages: English
ProductVersion: 2.4.91.1
PrivateBuild: 2.4.91.1
OriginalFilename: Involves Delayed.exe
Translation: 0x0409 0x04b0

Johnnie.371678 also known as:

K7AntiVirusTrojan ( 005490771 )
LionicTrojan.Win32.Vidar.4!c
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
ALYacTrojan.PSW.Vidar
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.1601129
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojanPSW:Win32/Vidar.38a378a3
K7GWTrojan ( 005490771 )
Cybereasonmalicious.741584
ESET-NOD32a variant of Win32/Kryptik.GQKK
APEXMalicious
AvastWin32:Malware-gen
KasperskyTrojan-PSW.Win32.Vidar.ahi
BitDefenderGen:Variant.Johnnie.371678
NANO-AntivirusTrojan.Win32.Vidar.fnqwga
MicroWorld-eScanGen:Variant.Johnnie.371678
TencentWin32.Trojan-qqpass.Qqrob.Wqwf
Ad-AwareGen:Variant.Johnnie.371678
SophosML/PE-A
BitDefenderThetaGen:NN.ZexaF.34170.dr0@a47Beagi
VIPRETrojan.Win32.Generic!BT
TrendMicroTrojanSpy.Win32.VIDAR.THCOHAI
McAfee-GW-EditionArtemis!Trojan
FireEyeGeneric.mg.d2a1f8674158426c
EmsisoftGen:Variant.Johnnie.371678 (B)
JiangminTrojan.PSW.Vidar.lz
WebrootW32.Trojan.GenKD
AviraTR/AD.VidarStealer.ppeuf
eGambitUnsafe.AI_Score_99%
Antiy-AVLTrojan/Generic.ASMalwS.2ACD9AD
MicrosoftRansom:Win32/Gandcrab
ArcabitTrojan.Johnnie.D5ABDE
GDataGen:Variant.Johnnie.371678
AhnLab-V3Malware/Gen.Generic.C3054570
McAfeeArtemis!D2A1F8674158
MAXmalware (ai score=100)
VBA32BScope.TrojanPSW.Fareit
MalwarebytesTrojan.MalPack
PandaTrj/CI.A
TrendMicro-HouseCallTrojanSpy.Win32.VIDAR.THCOHAI
YandexTrojan.PWS.Vidar!u72JJXS3m0I
IkarusTrojan-Ransom.GandCrab
MaxSecureTrojan.Malware.1728101.susgen
FortinetW32/GenKryptik.DBEJ!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove Johnnie.371678?

Johnnie.371678 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment