Should I remove “Troj/Atbot-B”?

Malware Removal

Troj/Atbot-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Atbot-B virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/Atbot-B?

File Info:

name: 3DD6F91EE5D81D54951A.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-01-15 16:09:54

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Neil Hodgson neilh@scintilla.org
FileDescription: SciTE - a Scintilla based Text Editor
FileVersion: 1.75
InternalName: SciTE
LegalCopyright: Copyright 1998-2007 by Neil Hodgson
OriginalFilename: SciTE.EXE
ProductName: SciTE
ProductVersion: 1.75

Troj/Atbot-B is also known as (antivirus vendor: detection name):

  • MicroWorld-eScan: Trojan.GenericKD.65207131
  • ClamAV: Win.Trojan.Autoit-6996111-0
  • FireEye: Generic.mg.3dd6f91ee5d81d54
  • ALYac: Trojan.GenericKD.65207131
  • Cylance: unsafe
  • Sangfor: Virus.Win32.Save.a
  • K7AntiVirus: Trojan ( 005936091 )
  • K7GW: Trojan ( 005936091 )
  • CrowdStrike: win/malicious_confidence_100% (D)
  • VirIT: Trojan.Win32.AutoIt.GD
  • Cyren: W32/Autoit.JFHF-9022
  • Symantec: Bloodhound.Malautoit
  • Elastic: malicious (high confidence)
  • ESET-NOD32: MSIL/Spy.Agent.AGJ
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.GenericKD.65207131
  • Avast: Win32:Evo-gen [Trj]
  • Tencent: Trojan.Win32.Sabsik.haq
  • Emsisoft: Trojan.GenericKD.65207131 (B)
  • DrWeb: Trojan.Siggen17.49996
  • VIPRE: Trojan.GenericKD.65207131
  • TrendMicro: TSPY_ATBOT.SMAR5
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.vm
  • Sophos: Troj/Atbot-B
  • SentinelOne: Static AI – Suspicious PE
  • GData: Trojan.GenericKD.65207131
  • Jiangmin: Trojan.Script.ciw
  • Avira: TR/Agent.odipt
  • Antiy-AVL: Trojan/Autoit.Winmgr.a
  • Arcabit: Trojan.Generic.D3E2FB5B
  • Microsoft: Trojan:Win32/Sabsik.TE.B!ml
  • Google: Detected
  • AhnLab-V3: Spyware/Win.Atbot.R531437
  • McAfee: GenericRXAA-FA!3DD6F91EE5D8
  • MAX: malware (ai score=88)
  • VBA32: Trojan.Autoit.Obfus
  • Malwarebytes: Backdoor.Bladabindi
  • TrendMicro-HouseCall: TSPY_ATBOT.SMAR5
  • Rising: Trojan.Obfus/Autoit!1.E083 (CLASSIC)
  • Ikarus: Trojan.MSIL.Spy
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: AutoIt/Packed.RN!tr
  • AVG: Win32:Evo-gen [Trj]
  • Cybereason: malicious.ee5d81

How to remove Troj/Atbot-B?

Troj/Atbot-B removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.