Troj/Formbok-PO removal guide

Troj/Formbok-PO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Troj/Formbok-PO virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Formbook malware family

How to identify Troj/Formbok-PO?

File Info:

name: 02F70A35C51B230BD5E7.mlw
path: /opt/CAPEv2/storage/binaries/9eb83b030fff6874a3a944d6f8c97f8e9930075891cfa0a62e01625c89396c1b
crc32: B62FD8EA
md5: 02f70a35c51b230bd5e71a1eb4c6ab1a
sha1: 6d462c2499c0061761a60a269110b4397d50ad97
sha256: 9eb83b030fff6874a3a944d6f8c97f8e9930075891cfa0a62e01625c89396c1b
sha512: fa7119e692eaf2b0a0e7db8ca474a1525ce7c368fb7b2c135e97b1ff58a46039619f7e9f80b4fa3174d27d86c20b684387f45dd313aafdbf0cbf0e4cff6b5b71
ssdeep: 6144:+Gi3lToehk0qMzzMbS7HCV7KyU+1fIOMw4RxrqIJdvoslze6IM1bfuBYW6KsuNc8:eXBzCS7+KyV1ROv1PBfZaNJ6INkK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T123B401597F65C92BD355B1381AF1FB2CEB70D1D86E39C653BF01BAEC2A147DA2824102
sha3_384: 95abd90478b9401d489462e4a69522faf759271bd688e364aed9c315f529d1cf163b17b392284f62750d3f94101a8497
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Troj/Formbok-PO is also known as (vendor: detection name):

  • Lionic: Trojan.Win32.Noon.l!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.47619747
  • FireEye: Trojan.GenericKD.47619747
  • ALYac: Trojan.GenericKD.47619747
  • Cylance: Unsafe
  • K7AntiVirus: Trojan ( 0058baa91 )
  • Alibaba: TrojanSpy:Win32/Tnega.df7d3e13
  • K7GW: Trojan ( 0058baa91 )
  • Cybereason: malicious.5c51b2
  • Cyren: W32/Injector.ARU.gen!Eldorado
  • Symantec: Packed.Generic.606
  • ESET-NOD32: a variant of Win32/Injector.EQSW
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Dropper.Temonde-6571898-0
  • Kaspersky: HEUR:Trojan-Spy.Win32.Noon.gen
  • BitDefender: Trojan.GenericKD.47619747
  • Avast: Win32:PWSX-gen [Trj]
  • Tencent: Win32.Trojan-spy.Noon.Glr
  • Ad-Aware: Trojan.GenericKD.47619747
  • Sophos: Troj/Formbok-PO
  • Comodo: .UnclassifiedMalware@0
  • DrWeb: Trojan.Siggen16.3482
  • TrendMicro: TROJ_FRS.0NA103LD21
  • McAfee-GW-Edition: RDN/Formbook
  • Emsisoft: Trojan.GenericKD.47619747 (B)
  • Ikarus: Trojan.Win32.Injector
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Gridinsoft: Ransom.Win32.Wacatac.sa
  • Microsoft: Trojan:Win32/Lokibot.VALC!MTB
  • GData: Win32.Trojan-Stealer.FormBook.YRAYVG
  • AhnLab-V3: Trojan/Win.Formbook.C4840413
  • McAfee: RDN/Formbook
  • MAX: malware (ai score=80)
  • VBA32: TrojanSpy.Noon
  • Malwarebytes: Trojan.Injector
  • TrendMicro-HouseCall: TROJ_FRS.0NA103LD21
  • Yandex: Trojan.Igent.bW5Vms.23
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/Injector.EQTC!tr
  • AVG: Win32:PWSX-gen [Trj]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Troj/Formbok-PO?

Troj/Formbok-PO removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.