The Ser.Johnnie.5361 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What Ser.Johnnie.5361 virus can do?
- Executable code extraction
- Injection (inter-process)
- Injection (Process Hollowing)
- Injection with CreateRemoteThread in a remote process
- Attempts to connect to a dead IP:Port (2 unique times)
- Creates RWX memory
- Possible date expiration check, exits too soon after checking local time
- A process attempted to delay the analysis task.
- Reads data out of its own binary image
- Performs some HTTP requests
- Unconventionial binary language: Russian
- Unconventionial language used in binary resources: Russian
- Uses Windows utilities for basic functionality
- Executed a process and injected code into it, probably while unpacking
- Creates a hidden or system file
- Attempts to modify proxy settings
Related domains:
cdn.arsis.at |
www.bing.com |
How to determine Ser.Johnnie.5361?
File Info:
crc32: 58E1B21Cmd5: d6c361f547a7c56c40791098cec92186name: tmppwt8b2crsha1: 4717f01ae2a558a00d509fe184d9f93bb8043e3asha256: 7bc9d1453bb84033fd82500f10db64cbf221c4286ed3eba7928249dae6d67675sha512: 5a3fd95aa0acb9c315bb1eb9312a8c1d2f23770ccdf9e1da0544aa7d06a2332c423a3916cd2d6253f8a387348988a1a3274103c5a19719a06e9f6097c353ab99ssdeep: 3072:Ap1FkFamt9H3vAmdKWEfz2BsY4DcflDonb5oDZZQyK3tumnwD:a1FkFamz3omMWKz2BR46ZZQyKKtype: PE32 executable (console) Intel 80386, for MS WindowsVersion Info:
LegalCopyright: sd fdsi fds fjsd fdsfj kldsfj kldjs fdjsklfdjsf InternalName: d fds f8dsf8 0dsf8 90ds8 fsd8f90 sd890 fds9f s90d8s90d8fFileVersion: ds fds9f8 ds f80ds8 f9ds8 f0ds8f0 sd8f9sd90f ds098 fPrivateBuild: ds f98ds f8s90d8f 9ds8f0 s8d0 f89sd8f ds890f 8dsf8 90ds8 fLegalTrademarks: sd fsd8-0 fds f90-ds9 f0ds9f ds9f0-9ds f9ds9 f-ds90 fds- f9ProductName: sd fiusd fpdsfpd;sf dsf dsfkodskop fkds fdsfk dsfkProductVersion: sd fods fods fdks fdoskf kdsf pdskf dsfo dks fFileDescription: SDF DS 9F8DS98 FDS98 F90DSF89DS8F9DS8F9 8DS0F80DS9OriginalFilename: sd fds fdsjf ddfs fsdf dsi fds fdsfj dksj fdlsfj ldsjf ksdj fTranslation: 0x0419 0x04b0
Ser.Johnnie.5361 also known as:
| MicroWorld-eScan | Gen:Variant.Ser.Johnnie.5361 |
| CAT-QuickHeal | Trojan.Gozi |
| Qihoo-360 | Generic/Trojan.028 |
| ALYac | Spyware.Ursnif |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| AegisLab | Trojan.Win32.Gozi.7!c |
| Sangfor | Malware |
| K7AntiVirus | Spyware ( 005526431 ) |
| BitDefender | Gen:Variant.Ser.Johnnie.5361 |
| K7GW | Spyware ( 005526431 ) |
| TrendMicro | TrojanSpy.Win32.URSNIF.THFAHBO |
| Cyren | W32/Trojan.KNTN-1468 |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | Win32/Spy.Ursnif.CT |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | Trojan-Banker.Win32.Gozi.kxj |
| Alibaba | TrojanBanker:Win32/Ursnif.3a694861 |
| Rising | Spyware.Ursnif!8.1DEF (CLOUD) |
| Ad-Aware | Gen:Variant.Ser.Johnnie.5361 |
| Emsisoft | Gen:Variant.Ser.Johnnie.5361 (B) |
| Comodo | Malware@#14lf79j63cdgw |
| F-Secure | Heuristic.HEUR/AGEN.1108818 |
| Invincea | heuristic |
| FireEye | Generic.mg.d6c361f547a7c56c |
| Sophos | Troj/Gozi-TP |
| Ikarus | Trojan.Win32.Kovter |
| Jiangmin | Trojan.Banker.Gozi.atr |
| Webroot | W32.Trojan.Gen |
| Avira | HEUR/AGEN.1108818 |
| MAX | malware (ai score=81) |
| Antiy-AVL | Trojan[Banker]/Win32.Gozi |
| Microsoft | TrojanSpy:Win32/Ursnif.KC!bit |
| Arcabit | Trojan.Ser.Johnnie.D14F1 |
| ZoneAlarm | Trojan-Banker.Win32.Gozi.kxj |
| GData | Gen:Variant.Ser.Johnnie.5361 |
| Cynet | Malicious (score: 85) |
| AhnLab-V3 | Malware/Win32.Generic.C4132477 |
| McAfee | RDN/Generic PWS.y |
| VBA32 | TrojanBanker.Gozi |
| Malwarebytes | Trojan.Ursnif |
| Panda | Trj/RnkBend.A |
| TrendMicro-HouseCall | TrojanSpy.Win32.URSNIF.THFAHBO |
| Tencent | Win32.Trojan.Inject.Auto |
| Fortinet | W32/Ursnif.CT!tr.spy |
| BitDefenderTheta | Gen:NN.ZexaF.34130.oq3@aSsQp7kc |
| AVG | Win32:MalwareX-gen [Trj] |
| Avast | Win32:MalwareX-gen [Trj] |
| CrowdStrike | win/malicious_confidence_100% (W) |
| MaxSecure | Trojan.Malware.102470225.susgen |
How to remove Ser.Johnnie.5361?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment