
Nemesis.16736 removal instruction


Nemesis.16736 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Nemesis.16736 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • CAPE detected the NanoCore malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Nemesis.16736?

File Info:

name: 1C0EEAABB09089596DE8.mlw
path: /opt/CAPEv2/storage/binaries/0facd089f92fda41f49e30f186ec2767b612cd96e46491451523fc50260d77fb
crc32: 9FCC9F98
md5: 1c0eeaabb09089596de84df30d1bbc42
sha1: 0d4c09891fe69bc73633376b4c06648c4fdfa626
sha256: 0facd089f92fda41f49e30f186ec2767b612cd96e46491451523fc50260d77fb
sha512: 24b2424612815c025085f551e62978f753ae3b0b80f8170ef41adb4f2dbb92440ae8ec7a1cb4ec9328ed6e4ff83f3165c7cd15a218158e9ea978d1d8406707b7
ssdeep: 12288:gYquQXy2t09IIYkoXR+tNGXzJH633PBii2l7oJFpv9G:gYquQXy2t09CrXhO3T2lUvpvM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T191A423603AA4C64AC51209716FB2D8BD4B767E216DE46F27B3C07F8F787EB816509312
sha3_384: dfe485c7bd2d1b7657035213c10c9b64c733a05129004512cb0b472f734ac87cabafc73ea7cdde538a210c9817d6b9d8
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 21:56:47

Version Info:

CompanyName: hydraucone
FileDescription: prevail
FileVersion: 41.7.3.10
LegalCopyright: Copyright squabble
LegalTrademarks: retreatism
ProductName: 41.7.3.10
Translation: 0x0409 0x04b0

Nemesis.16736 is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Nemesis.16736
  • ClamAV: Win.Trojan.Generickdz-9988544-0
  • FireEye: Generic.mg.1c0eeaabb0908959
  • Malwarebytes: Trojan.Injector
  • VIPRE: Gen:Variant.Nemesis.16736
  • K7AntiVirus: Trojan ( 0059f36a1 )
  • K7GW: Trojan ( 0059f36a1 )
  • Cyren: W32/Trojan.MHSN-3560
  • Symantec: Packed.NSISPacker!g14
  • ESET-NOD32: a variant of Win32/Injector.ESRS
  • Zoner: Trojan.Win32.153689
  • APEX: Malicious
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: VHO:Backdoor.Win32.Convagent.gen
  • BitDefender: Gen:Variant.Nemesis.16736
  • NANO-Antivirus: Trojan.Win32.Loader.jutrkf
  • Avast: Win32:PWSX-gen [Trj]
  • DrWeb: Trojan.Loader.1311
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
  • Emsisoft: Gen:Variant.Nemesis.16736 (B)
  • Ikarus: Trojan-Spy.FormBook
  • GData: Win32.Trojan.PSE.KOST7R
  • Avira: HEUR/AGEN.1213060
  • Antiy-AVL: Trojan/Win32.Sabsik
  • Arcabit: Trojan.Nemesis.D4160 [many]
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Google: Detected
  • VBA32: Trojan.Loader
  • ALYac: Trojan.GenericKDZ.97638
  • MAX: malware (ai score=81)
  • Rising: Trojan.Injector!8.C4 (TFE:5:PFgzrXJyt2K)
  • Yandex: Trojan.Injector!ckA6AnmGUk4
  • Fortinet: W32/Injector_AGen.PZ!tr
  • BitDefenderTheta: Gen:NN.ZexaF.36308.suW@aSYbLEgi
  • AVG: Win32:PWSX-gen [Trj]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Nemesis.16736?

Nemesis.16736 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.