Malware

Johnnie.54985 removal instruction

Malware Removal

The Johnnie.54985 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Johnnie.54985 virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

s2.symcb.com
sv.symcd.com

How to determine Johnnie.54985?


File Info:

crc32: DCD351D2
md5: b9dfe7d866d578a31de2b842d9e9cafa
name: B9DFE7D866D578A31DE2B842D9E9CAFA.mlw
sha1: ffc7baeda79bbc7cb324dadad148531f0db9de68
sha256: 9b359e2c494462761065bf85025ca1545f6182cb1f1edcd371ce9a02ee9b7e57
sha512: bc363ad1db045b89882c5063c0ec481e2264626cb242d3e3acb99913ff3043206058df9038a99cafa31f136834e6baee9c5f9d12ca6d82bf8b6f65a077e9fa4b
ssdeep: 1536:Kv/0k4FMHuDdDgsOo2LGn16qG1vqiQ1ZSvaN7Lzt1s4RsP:Kv/0tBDdssOoDUgrZSvgXzXs4GP
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: TazeR.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: TazeR.exe

Johnnie.54985 also known as:

K7AntiVirusTrojan ( 700000121 )
CynetMalicious (score: 99)
ALYacGen:Variant.Johnnie.54985
CylanceUnsafe
SangforRansom.Win32.Blocker.jpkl
CrowdStrikewin/malicious_confidence_70% (D)
K7GWTrojan ( 700000121 )
Cybereasonmalicious.866d57
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Injector.QER
APEXMalicious
AvastMSIL:GenMalicious-DSY [Trj]
KasperskyTrojan-Ransom.Win32.Blocker.jpkl
BitDefenderGen:Variant.Johnnie.54985
NANO-AntivirusTrojan.Win32.Blocker.ewfpap
MicroWorld-eScanGen:Variant.Johnnie.54985
TencentWin32.Trojan.Blocker.Pitz
Ad-AwareGen:Variant.Johnnie.54985
SophosMal/Generic-R
ComodoMalware@#1kifcmomitc1a
BitDefenderThetaGen:NN.ZemsilF.34686.im1@aCnFCnl
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionArtemis!Trojan
FireEyeGeneric.mg.b9dfe7d866d578a3
EmsisoftGen:Variant.Johnnie.54985 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan.Blocker.hzw
WebrootW32.Malware.Gen
AviraTR/Dropper.Gen
eGambitPE.Heur.InvalidSig
MicrosoftTrojan:Win32/Ymacco.AB9B
ArcabitTrojan.Johnnie.DD6C9
GDataGen:Variant.Johnnie.54985
McAfeeArtemis!B9DFE7D866D5
MAXmalware (ai score=99)
VBA32Trojan-Ransom.Blocker
PandaTrj/CI.A
RisingRansom.Blocker!8.12A (CLOUD)
YandexTrojan.Blocker!OiZ/YxqWaeQ
IkarusTrojan.MSIL.Injector
FortinetW32/Blocker.GL!tr
AVGMSIL:GenMalicious-DSY [Trj]
Paloaltogeneric.ml

How to remove Johnnie.54985?

Johnnie.54985 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment