Ser.Cerbu.4253 removal guide

Ser.Cerbu.4253 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ser.Cerbu.4253 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ser.Cerbu.4253?

File Info:

name: 8B0CDC90EEA6859AA1E1.mlw
path: /opt/CAPEv2/storage/binaries/d2775781bd600f40a8f1711d268164c9d9f1c7735998782509ad89a10affc046
crc32: D03AB710
md5: 8b0cdc90eea6859aa1e101e1f6f34dde
sha1: 545b4d67248cd5d230ff8d8bbb321ba3d25c6212
sha256: d2775781bd600f40a8f1711d268164c9d9f1c7735998782509ad89a10affc046
sha512: 71aff8ef899ffaa45606bbdcb92022e68b3918aa4e46203dc903a4be165a2b51fd71f78288845c0bee7b92af177724c8983f23a5470a2201a4ec1188578416b9
ssdeep: 196608:N91R5MiGlWHt8xXiyDsiCIpJxK8UVKaw5ecdy:7z5MiGIi/prK8UVKawjdy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F776330AF6B630B3D9A2A5304D76CD3C40E8F5CA703AE966B559C40FF91B543F41AB62
sha3_384: c48c727723ef1cc9337726a659b628643b1753c940eddb7a936c2a0d1c59a2e294197f49c849e5ff5622ab0df2afc704
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Smart Turn Off, Inc.
FileDescription: Smart Turn Off COMputer 3.7.0 Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Ser.Cerbu.4253 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.Siggen20.15222
MicroWorld-eScan: Gen:Variant.Ser.Cerbu.4253
FireEye: Gen:Variant.Ser.Cerbu.4253
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.wc
McAfee: Artemis!8B0CDC90EEA6
Malwarebytes: Agent.Trojan.Dropper.DDS
Sangfor: Trojan.Win32.Ekstak.Vy9i
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/Ekstak.cf337c33
K7GW: Trojan ( 005722fe1 )
K7AntiVirus: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Ser.Cerbu.4253
NANO-Antivirus: Trojan.Win32.Ekstak.jvaifv
Avast: Other:Malware-gen [Trj]
Tencent: Win32.Trojan.Ekstak.Simw
Emsisoft: Gen:Variant.Ser.Cerbu.4253 (B)
F-Secure: Heuristic.HEUR/AGEN.1333117
VIPRE: Gen:Variant.Ser.Cerbu.4253
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
Jiangmin: TrojanDownloader.GCleaner.oq
Varist: W32/Ekstak.EU.gen!Eldorado
Avira: HEUR/AGEN.1333117
MAX: malware (ai score=84)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Ser.Cerbu.D109D
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Gen:Variant.Ser.Cerbu.4253
AhnLab-V3: Trojan/Win.Malware-gen.C5385370
ALYac: Gen:Variant.Ser.Cerbu.4253
Cylance: unsafe
Panda: Trj/Chgt.AD
Yandex: Trojan.DR.Agent!HIt93GGVM1c
MaxSecure: Trojan.Malware.200903237.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Ser.Cerbu.4253?

Ser.Cerbu.4253 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
