Troj/Mdrop-JTO removal guide

Troj/Mdrop-JTO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Troj/Mdrop-JTO virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Mimics icon used for popular non-executable file format

How to identify Troj/Mdrop-JTO?

File Info:

name: 11B6197F47767D884AB7.mlw
path: /opt/CAPEv2/storage/binaries/44ee0acb7fbe56d10ae7a54ace0c5f5cc9a37628b2fa7152300f4a44cf19d1ac
crc32: E86008BC
md5: 11b6197f47767d884ab768ec1c50faa9
sha1: d93ef029d543af9360ac0e862072f70e94dac3e1
sha256: 44ee0acb7fbe56d10ae7a54ace0c5f5cc9a37628b2fa7152300f4a44cf19d1ac
sha512: 0b34129cea39bc593563eb057862d7f16b26bece9cca75dabc4649735db767c027484167683cc23bcc0bf4e2c949ed9c68a6047c2bef78a58371c5bcb0a30acd
ssdeep: 24576:akOqKZk1wnks67/c1ubufdLZmN1VUZmK6bo4Sak1UQzF3chFJj9S8bIVm1:akOzUwkjg1ssJZmXiZmHk4Sak1UkFsf/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F745C01BF68003B1C1D11672296E99F25B3BAD7A52EAD99120D8F10D3273E21D33B6DD
sha3_384: 496c7c25ea6e4d8d8ca9bb6ed007a84b5fe2ea7ee17b279938cbac691a6ee464acf1539fa688e70fe989da2a0dbff213
ep_bytes: e8ff190000e97ffeffff3b0da0404100
timestamp: 2010-01-01 04:20:07

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Word
FileVersion: 14.0.6024.1000
InternalName: WinWord
LegalCopyright: © 2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: WinWord.exe
ProductName: Microsoft Office 2010
ProductVersion: 14.0.6024.1000
Translation: 0x0000 0x04e4

Troj/Mdrop-JTO also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKDZ.98267
FireEye: Generic.mg.11b6197f47767d88
CAT-QuickHeal: Trojan.GenericRI.S31673826
Skyhigh: BehavesLike.Win32.Generic.tc
McAfee: GenericRXMT-FC!11B6197F4776
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Trojan.GenericKDZ.98267
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.525115031F
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.RTY
APEX: Malicious
ClamAV: Win.Malware.Facido-9768987-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKDZ.98267
NANO-Antivirus: Trojan.Win32.Fakealert.fhnukn
Avast: Win32:DropperX-gen [Drp]
Tencent: Trojan.Win32.Agent.hct
Emsisoft: Trojan.GenericKDZ.98267 (B)
DrWeb: Trojan.Fakealert.58572
Zillya: Dropper.Agent.Win32.577562
Trapmine: malicious.high.ml.score
Sophos: Troj/Mdrop-JTO
Ikarus: Trojan.Win32.Dropper
Jiangmin: Trojan.Generic.hrsto
ALYac: Trojan.GenericKDZ.98267
Antiy-AVL: Trojan[Dropper]/Win32.Facido
Kingsoft: malware.kb.a.1000
Microsoft: TrojanDropper:Win32/Facido.A!bit
Xcitium: TrojWare.Win32.TrojanDropper.Facido.A@7d50kc
Arcabit: Trojan.Generic.D17FDB
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.PSE.1X3M469
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win.FC.C5393477
Acronis: suspicious
VBA32: BScope.TrojanDropper.Agent
Google: Detected
MAX: malware (ai score=80)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Dropper.Agent!1.B38C (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.RTY!tr
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.f47767
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Facido.A

How to remove Troj/Mdrop-JTO?

Troj/Mdrop-JTO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.