
How to remove “Spyware.15497”?

Many security experts consider Spyware.15497 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete the scan and cure your PC during the trial period.
6-day free trial available.

What can the Spyware.15497 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • Unconventional binary language: Russian
  • The binary likely contains encrypted or compressed data.
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
tools.ip2location.com

How to identify Spyware.15497?


File Info:

crc32: 8720C345
md5: 3f60620e012a04f6707c4f3e7c195cec
name: 3F60620E012A04F6707C4F3E7C195CEC.mlw
sha1: 77eec0dd3616bc04060f335b2c9e8af5b9b2a466
sha256: 3c765bc68639a4798a0d4a73083a4f3ab28157f1814880fc2367e26e39e3d392
sha512: 41f21ac6ebeb349a0827e60bee224127d0dd16a3a1a89843bd64b94d74600bdcabaffc4608939051a17b648ab235a11952c0db4401a2c944d6638b7f76d06e70
ssdeep: 3072:loQkdWhWyrfQDd50KGNvwVmWri59LGEy:yQkdko50KswVNO5JGf
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: mpg4dmod.dll
FileVersion: 9.00.00.4503
ProductName: Microsoft® Windows Media Services
ProductVersion: 9.00.00.4503
FileDescription: Windows Media MPEG-4 Video Decoder
Translation: 0x0419 0x04b0

Spyware.15497 also known as:

Bkav W32.AIDetect.malware2
K7AntiVirus Trojan ( 0055e4091 )
Lionic Trojan.Win32.HmBlocker.j!c
Elastic malicious (high confidence)
DrWeb Trojan.Winlock.3260
Cynet Malicious (score: 100)
ALYac Spyware.15497
Cylance Unsafe
Zillya Trojan.HmBlocker.Win32.524
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (D)
Alibaba Ransom:Win32/Genasom.e10bf75b
K7GW Trojan ( 0055e4091 )
Cybereason malicious.e012a0
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/LockScreen.AFR
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.Hmblocker-1170
Kaspersky HEUR:Hoax.Win32.FrauDrop.gen
BitDefender Spyware.15497
NANO-Antivirus Trojan.Win32.HmBlocker.ecrjkj
ViRobot Spyware.Ransom.HmBlocker.118784
MicroWorld-eScan Spyware.15497
Tencent Win32.Trojan.Hmblocker.Lmuq
Ad-Aware Spyware.15497
Sophos Mal/Generic-R + Troj/Zbot-ARU
Comodo TrojWare.Win32.Kryptik.MNM@4urmgy
BitDefenderTheta Gen:NN.ZexaF.34050.hq0@aSNFi@ni
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_SPNR.30IN13
McAfee-GW-Edition PWS-Spyeye.av
FireEye Generic.mg.3f60620e012a04f6
Emsisoft Spyware.15497 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan/HmBlocker.auf
Webroot W32.Spyware.Gen
Avira TR/Crypt.ZPACK.Gen8
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Generic.ASMalwS.3CE8EE
Kingsoft Win32.Troj.EncodeIe.ao.(kcloud)
Microsoft Ransom:Win32/Genasom.EY
Arcabit Spyware.D3C89
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
GData Spyware.15497
TACHYON Trojan/W32.HmBlocker.118784
AhnLab-V3 Trojan/Win32.Lebag.C96134
McAfee PWS-Spyeye.av
MAX malware (ai score=100)
Panda Generic Malware
TrendMicro-HouseCall TROJ_SPNR.30IN13
Yandex Trojan.HmBlocker.A
Ikarus Gen.Variant.Carberp
Fortinet W32/HmBlocker.DSQ!tr
AVG Win32:Trojan-gen
Qihoo-360 Win32/Ransom.Genasom.HgIASOYA

How to remove Spyware.15497?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
