Troj/Trickb-AO removal guide

Troj/Trickb-AO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Trickb-AO virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Looks up the external IP address
  • Generates some ICMP traffic

Related domains:


How to identify Troj/Trickb-AO?


File Info:

type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997
InternalName: CUSTOMIZE
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: CUSTOMIZE Application
ProductVersion: 1, 0, 0, 1
FileDescription: CUSTOMIZE MFC Application
OriginalFilename: CUSTOMIZE.EXE
Translation: 0x0409 0x04b0

Troj/Trickb-AO also known as:

Bkav: W32.AIDetect.malware2
ClamAV: Win.Malware.Fkrt-9880578-0
ALYac: Trojan.Agent.FKRT
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 005795911 )
K7AntiVirus: Trojan ( 005795911 )
Cyren: W32/Trickbot.GI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrickBot.DX
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Trickpak.gen
BitDefender: Trojan.Agent.FKRT
ViRobot: Trojan.Win32.Trickbot.557056.D
MicroWorld-eScan: Trojan.Agent.FKRT
Ad-Aware: Trojan.Agent.FKRT
Sophos: Troj/Trickb-AO
McAfee-GW-Edition: Trickbot-FTKT!47BA62CE119F
FireEye: Generic.mg.47ba62ce119f28a5
Emsisoft: Trojan.Agent.FKRT (B)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Trickbot.TB!MTB
ZoneAlarm: HEUR:Trojan.Win32.Trickpak.gen
GData: Trojan.Agent.FKRT
AhnLab-V3: Trojan/Win.Injector.C4561249
McAfee: Trickbot-FTKT!47BA62CE119F
MAX: malware (ai score=80)
VBA32: Trojan.Trickpak
Malwarebytes: Trojan.TrickBot
Panda: Trj/GdSda.A
Ikarus: Trojan-Spy.TrickBot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.L!tr
AVG: Win32:BankerX-gen [Trj]

How to remove Troj/Trickb-AO?

Troj/Trickb-AO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
