
Tatrio.4 (B) removal


Tatrio.4 (B) is considered dangerous by many security vendors. When this infection is active, you may notice unknown processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Tatrio.4 (B) virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Attempts to delay the analysis task (sandbox evasion)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Executed a process and injected code into it, probably while unpacking
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Collects information to fingerprint the system

Related domains:

configpaid.hopto.org

How to identify Tatrio.4 (B)?

File Info:

crc32: 45FF960D
md5: 036e2584148eb5111b7e78835dfb22b5
name: 036E2584148EB5111B7E78835DFB22B5.mlw
sha1: a434806f0660f1526600b166291a114496a93f66
sha256: 2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366
sha512: 3fd80a96675000e558f05c04a9f60afc8409819d82ab3fb4022cc6e42c951c0b8f20fcd9ff1f75a99575117f538fdcad502424e34f9796d7c41de822bd01d5d8
ssdeep: 1536:I589ZvRWugMwhFL01OYdWMtKpi/8PH1IhX46dcv7KfTZXCDFhjH8sVHh/9ne7ZR:G8950tudWMoLPiyucv7YZXCD9Pne7fs
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: vip72socks
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: vip72socks
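The hashes and domain above, together with the behaviour list earlier on this page (remote-thread injection, autorun persistence, contact with the related domain), are enough for a first-pass check of a suspect host. The script below is an added example, not code from this page or from GridinSoft: it computes the published digests for a file and compares them to the IOC set, and it flags three of the listed behaviours in Sysmon-style event records. The field names (SourceImage, TargetImage, TargetObject, Details, QueryName, Image) are Sysmon's, but the records are plain dicts constructed here so the example runs offline; the process paths and registry key in the sample records are invented.

```python
"""Added example (not code from the original page, GridinSoft, or any
vendor listed): match the indicators published above against a file and
against Sysmon-style event records. All sample inputs are constructed."""
import hashlib
import re

# Hashes and domain copied from the File Info and Related domains sections.
FILE_HASHES = {
    "md5": "036e2584148eb5111b7e78835dfb22b5",
    "sha1": "a434806f0660f1526600b166291a114496a93f66",
    "sha256": "2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366",
}
RELATED_DOMAINS = {"configpaid.hopto.org"}

# Autorun locations in the Windows registry (HKCU/HKLM Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the page publishes for the sample."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in FILE_HASHES}


def match_file(data: bytes) -> list:
    """Return the algorithms whose digest equals the published IOC.

    An exact-hash match identifies only this exact build; a repacked
    sample will miss here and has to be caught by behaviour instead.
    """
    digests = hash_bytes(data)
    return sorted(algo for algo, value in digests.items()
                  if value == FILE_HASHES[algo])


def triage_events(events: list) -> list:
    """Flag the behaviours listed above in Sysmon-style records.

    EventID 8 = CreateRemoteThread, 13 = registry value set,
    22 = DNS query. Field names follow Sysmon's schema; the records
    are dicts (an assumption) so the example runs without a real log.
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        src, tgt = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        if eid == 8 and src and src.lower() != tgt.lower():
            # Thread created in another process: injection / hollowing.
            findings.append(("remote_thread", src, tgt))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Persistence: "Installs itself for autorun at Windows startup".
            findings.append(("autorun", ev["TargetObject"], ev.get("Details", "")))
        elif eid == 22 and ev.get("QueryName", "").lower() in RELATED_DOMAINS:
            # Lookup of the related domain published above.
            findings.append(("related_domain", ev.get("Image", ""), ev["QueryName"]))
    return findings


# Constructed records: not taken from a real infected host.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"EventID": 22, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "QueryName": "configpaid.hopto.org"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.mozilla.org"},
]

if __name__ == "__main__":
    for finding in triage_events(SAMPLE_EVENTS):
        print(*finding)
    print("hash matches for a benign blob:", match_file(b"not the sample"))
```

Hash matching only catches this exact file; the sandbox behaviours listed above (a user-writable binary creating threads in another process, writing itself to a Run key, resolving a hopto.org host) are what survive a repack, so a real triage should weight those findings over a missed hash.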

Tatrio.4 (B) is a generic name; several vendors below classify the same sample as the Bladabindi (njRAT) backdoor. Other vendors' names for it:

K7AntiVirus: Trojan ( 0051c2441 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader9.26652
Cynet: Malicious (score: 100)
CAT-QuickHeal: Backdoor.Bladabindi.AL3
ALYac: Gen:Variant.Tatrio.4
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0051c2441 )
Cybereason: malicious.4148eb
Baidu: MSIL.Trojan-Dropper.Binder.a
Cyren: W32/MSIL_Bladabindi.AS.gen!Eldorado
Symantec: Backdoor.Ratenjay
ESET-NOD32: a variant of MSIL/TrojanDropper.Binder.CA
APEX: Malicious
Avast: MSIL:Agent-DRD [Trj]
ClamAV: Win.Trojan.B-468
Kaspersky: Backdoor.Win32.Androm.mpsg
BitDefender: Gen:Variant.Tatrio.4
NANO-Antivirus: Trojan.Win32.Agent.dzsrep
MicroWorld-eScan: Gen:Variant.Tatrio.4
Ad-Aware: Gen:Variant.Tatrio.4
Sophos: ML/PE-A + Troj/dnsauce-B
Comodo: TrojWare.MSIL.TrojanDropper.Binder.CA@7nerge
BitDefenderTheta: Gen:NN.ZemsilF.34110.nm0@aWjKkeb
VIPRE: Backdoor.MSIL.Bladabindi.a (v)
TrendMicro: TROJ_BINDER.SMA
McAfee-GW-Edition: Trojan-FIKD!036E2584148E
FireEye: Generic.mg.036e2584148eb511
Emsisoft: Gen:Variant.Tatrio.4 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.bcpht
Avira: BDS/Bladabindi.alif
eGambit: Unsafe.AI_Score_100%
Microsoft: Backdoor:MSIL/Bladabindi
GData: Gen:Variant.Tatrio.4
McAfee: Trojan-FIKD!036E2584148E
MAX: malware (ai score=83)
VBA32: Trojan.MSIL.Disfa
Malwarebytes: Bladabindi.Backdoor.Njrat.DDS
TrendMicro-HouseCall: TROJ_BINDER.SMA
Rising: Backdoor.Njrat!1.9E49 (CLASSIC)
Ikarus: Trojan-Dropper.MSIL
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Dropper_Binder.BS!tr
AVG: MSIL:Agent-DRD [Trj]
Paloalto: generic.ml

How to remove Tatrio.4 (B)?

Tatrio.4 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
