How to remove “Symmi.31209”?

Symmi.31209 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Symmi.31209 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Symmi.31209?


File Info:

name: 0021C1A7F49721A232A7.mlw
path: /opt/CAPEv2/storage/binaries/6ae23b32e80fecc887292bdaf6ba6c1475d18bf3b7f50fafdc602d0cb891b71f
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-07-24 14:15:22

Version Info:

Translation: 0x0409 0x04b0
ProductName: JRmLcNPL
FileVersion: 1.52
ProductVersion: 1.52
InternalName: JRmLcNPL
OriginalFilename: JRmLcNPL.exe

Symmi.31209 is also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop1.40423
MicroWorld-eScan: Gen:Variant.Symmi.31209
CAT-QuickHeal: Worm.VBNA.gen
Skyhigh: BehavesLike.Win32.VBObfus.cm
McAfee: Downloader-CJX.gen.g
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Symmi.31209
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.7f4972
BitDefenderTheta: AI:Packer.E3F1AE6A20
VirIT: Trojan.Win32.Inject.UN
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.RU
APEX: Malicious
TrendMicro-HouseCall: WORM_VB.SMRX
ClamAV: Win.Trojan.VB-1162
Kaspersky: Trojan.Win32.Vobfus.avvo
BitDefender: Gen:Variant.Symmi.31209
NANO-Antivirus: Trojan.Win32.VB.cojaqg
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAlert[Alg]
Avast: Win32:AutoRun-BLX [Wrm]
Emsisoft: Gen:Variant.Symmi.31209 (B)
F-Secure: Worm:W32/Vobfus.BS
Baidu: Win32.Trojan.VB.a
TrendMicro: WORM_VB.SMRX
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.0021c1a7f49721a2
Sophos: Mal/SillyFDC-D
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=87)
Jiangmin: Worm.WBNA.boim
Webroot: W32.Obfuscated.Gen
Google: Detected
Avira: WORM/VBNA.kasww
Varist: W32/Vobfus.E.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: TrojWare.Win32.VB.SWA@527lh3
Arcabit: Trojan.Symmi.D79E9
ViRobot: Worm.Win32.A.VBNA.141312
ZoneAlarm: Trojan.Win32.Vobfus.avvo
GData: Gen:Variant.Symmi.31209
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Vbna4.worm.Gen
VBA32: TScope.Trojan.VB
ALYac: Gen:Variant.Symmi.31209
TACHYON: Worm/W32.VB-Agent.141312.B
Cylance: unsafe
Panda: W32/VobfusLNK.A
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.1231436.susgen
Fortinet: W32/VBObfus.BDBD!tr
AVG: Win32:AutoRun-BLX [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Worm.Win.Vobfus.c3b51fc6

How to remove Symmi.31209?

Symmi.31209 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
