Troj/Upatre-YS removal guide

Troj/Upatre-YS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Troj/Upatre-YS virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Troj/Upatre-YS?

File Info:

name: C935C9E63F6205C89213.mlw
path: /opt/CAPEv2/storage/binaries/d58fbef0fba51fbcb3b735a9cd56eb6b31469e73a498e037a4d9c1db645d1f33
crc32: 28978564
md5: c935c9e63f6205c89213f7fb485d511a
sha1: c695ea4018e23c50162eb09b51398aefc3149f5f
sha256: d58fbef0fba51fbcb3b735a9cd56eb6b31469e73a498e037a4d9c1db645d1f33
sha512: f5a26ac7990e77805a0e6a737e55f99d931fd79ad246b9470089c4811fde1c88029fc6dfddb810d5078dc6dd81070540781f7f5ecdf746c35c5f53cf0e5ace75
ssdeep: 192:Kze+m0y4SCB9zYT+7rBsqg1juzFNhKIPYvOgWeegOuS:KzFm0y419vBLSuzxdxuS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11E32B83CAED55672D37BDAB5C5F645C6F971B02339029C0E51CA03860C13F66EEA2A1E
sha3_384: 1c06b392e9728c1d9595b2c4cd247f96199be8d7c43444bf77fce5dc9b5d5b1f9bdf6067faf2631d0033cd7c5b8df600
ep_bytes: 558d6c248881ecd408000053565733db
timestamp: 2014-01-27 12:19:18

Version Info:

0: [No Data]

Troj/Upatre-YS also known as:

Bkav: W32.AIDetectNet.01
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
FireEye: Generic.mg.c935c9e63f6205c8
CAT-QuickHeal: Downloader.Upatre.27298
McAfee: Downloader-FML!C935C9E63F62
Cylance: unsafe
Zillya: Downloader.Waski.Win32.30850
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 004941701 )
K7GW: Trojan-Downloader ( 004941701 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.36132.ayX@amCIzXpi
Cyren: W32/Upatre.JY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.B
APEX: Malicious
ClamAV: Win.Malware.Upatre-6997681-0
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.gen
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.DownLoad3.gvhbue
MicroWorld-eScan: Trojan.Ppatre.Gen.1
Avast: Win32:Upatre-V [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Sophos: Troj/Upatre-YS
F-Secure: Heuristic.HEUR/AGEN.1317165
DrWeb: Trojan.DownLoad3.33424
VIPRE: Trojan.Ppatre.Gen.1
TrendMicro: TROJ_UPATRE.SMZ2
McAfee-GW-Edition: BehavesLike.Win32.Generic.lt
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Ppatre.Gen.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: Trojan.Generic.epjbp
Avira: HEUR/AGEN.1317165
Antiy-AVL: Trojan/Win32.Waski.a
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.BU@7nmtnf
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Upatre.gen
Microsoft: Trojan:Win32/Zbot.VHO!MTB
Google: Detected
AhnLab-V3: Malware/Win32.Generic.R98727
ALYac: Trojan.Ppatre.Gen.1
MAX: malware (ai score=80)
VBA32: Trojan.Download
Malwarebytes: Trojan.Downloader
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMZ2
Rising: Spyware.Zbot!8.16B (TFE:1:mhy8irZdGSI)
Ikarus: Trojan-Downloader.Win32.Waski
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Waski.B!tr
AVG: Win32:Upatre-V [Trj]
DeepInstinct: MALICIOUS

How to remove Troj/Upatre-YS?

Troj/Upatre-YS removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.