
Nemesis.23754 removal instruction


Nemesis.23754 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Nemesis.23754 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Nemesis.23754?
File Info:

name: CF883AB49DDCCE50D927.mlw
path: /opt/CAPEv2/storage/binaries/b762b4a1e7cd74483b201e80fa49580bb4676fad55d35c69e77c8dbabeeddac1
crc32: C96D411C
md5: cf883ab49ddcce50d9275917437bc79b
sha1: 7b9bd5c903f3df6ad696c523e1f73c2041b5f90d
sha256: b762b4a1e7cd74483b201e80fa49580bb4676fad55d35c69e77c8dbabeeddac1
sha512: 1da3bd3c6c4ed8b473b071b0fd7e1a8f6be09c9582853df3dac675fd360d0082cb1c32786330b1390f97d860baed4d3e7433be8607426439e59bbf0eabdd5e82
ssdeep: 24576:BB1MJywF1FOVTNu2j33QSR3+XXrpZICs+bBe:BUrUVxhlR3+XXrpZ2+te
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1791523E735EE7093F923CAB1429EAC22873BE300357214471BA849DDD9541CB79EE789
sha3_384: 4805cccfae443c97b4eab6a2090d10b3b2501f237c17f2121d9c2ae380c805308a9f67fd8fe555f83a99b05aa1c4364f
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:

0: [No Data]

Nemesis.23754 also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (high confidence)
  • FireEye: Gen:Variant.Nemesis.23754
  • CAT-QuickHeal: Trojan.GenericPMF.S3026556
  • McAfee: GenericRXCE-NT!CF883AB49DDC
  • Cylance: unsafe
  • CrowdStrike: win/malicious_confidence_70% (D)
  • Alibaba: Trojan:Win32/CeeInject.7496c4eb
  • K7GW: Trojan ( 004c1b911 )
  • K7AntiVirus: Trojan ( 004c1b911 )
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: multiple detections
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Nemesis.23754
  • NANO-Antivirus: Trojan.Win32.Kryptik.fnyzio
  • MicroWorld-eScan: Gen:Variant.Nemesis.23754
  • Avast: NSIS:Hiloti [Drp]
  • Emsisoft: Gen:Variant.Nemesis.23754 (B)
  • F-Secure: Trojan.TR/Crypt.EPACK.Gen2
  • DrWeb: Trojan.Siggen2.45742
  • VIPRE: Gen:Variant.Nemesis.23754
  • Trapmine: malicious.moderate.ml.score
  • Sophos: Mal/Generic-S
  • Webroot: W32.Trojan.Gen
  • Google: Detected
  • Avira: TR/Crypt.EPACK.Gen2
  • Antiy-AVL: Trojan/Win32.SGeneric
  • Kingsoft: Win32.Trojan.Generic.a
  • Xcitium: Malware@#2lyrcdz35k145
  • Arcabit: Trojan.Nemesis.D5CCA [many]
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Varist: W32/Hiloti.V.gen!Eldorado
  • BitDefenderTheta: Gen:NN.ZexaF.36744.VmGfaGmnOab
  • ALYac: Gen:Variant.Nemesis.23754
  • MAX: malware (ai score=100)
  • VBA32: BScope.TrojanBanker.ClipBanker
  • Malwarebytes: Generic.Malware/Suspicious
  • Panda: Trj/CI.A
  • Tencent: Win32.Trojan.Generic.Fplw
  • Yandex: Trojan.Kryptik!U32LtJzNas4
  • Ikarus: Gen.Variant.Hiloti
  • Fortinet: W32/Kryptik.ABH!tr
  • AVG: NSIS:Hiloti [Drp]
  • Cybereason: malicious.903f3d
  • DeepInstinct: MALICIOUS

How to remove Nemesis.23754?

Nemesis.23754 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
