How to remove “Trojan.Autoit.Obfus”?

Trojan.Autoit.Obfus is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What Trojan.Autoit.Obfus virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Checks for the presence of known devices from debuggers and forensic tools
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Autoit.Obfus?

File Info:

name: F887B35C8DAC035F5C6B.mlw
path: /opt/CAPEv2/storage/binaries/009b79f686765b47ca7230f02dd711740d9f05d15f98418b03f732447a357b6f
crc32: C4688C52
md5: f887b35c8dac035f5c6b8b03ab2eb3de
sha1: 74690882aef979c89d60661e2bded901badf93cb
sha256: 009b79f686765b47ca7230f02dd711740d9f05d15f98418b03f732447a357b6f
sha512: 2082accf29b85d3fc4e30aa27e1c4061040c09e3957db4c0c5de2c3c17e2da681fa7a7d77bdc4675672172f59cdfe53b021e7ed127e3a22c8165393a79fc735d
ssdeep: 24576:ObCj2sObHtqQ4QEfCr7w7yvuqqNq8FroaSaPXRackmrM4Biq7MhLv9GImmVfq4eI:ObCjPKNqQEfsw43qtmVfq43
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T136C5D0C5F2AA40E2DC123FF5582567C78B344E364B3840597BAB3D498F335E6C11AAB6
sha3_384: 2653adba355386e7d3b9115ab7bb249dacc97c769decf57b9cf64dd046f2a174e36ffd6cbc1791bf82d10021fa25a9c7
ep_bytes: e837c20000e979feffffcccccccccccc
timestamp: 2010-01-15 16:09:54

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Neil Hodgson neilh@scintilla.org
FileDescription: SciTE - a Scintilla based Text Editor
FileVersion: 1.75
InternalName: SciTE
LegalCopyright: Copyright 1998-2007 by Neil Hodgson
OriginalFilename: SciTE.EXE
ProductName: SciTE
ProductVersion: 1.75

Trojan.Autoit.Obfus also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: AIT:Trojan.Nymeria.1560
FireEye: Generic.mg.f887b35c8dac035f
McAfee: GenericRXAA-FA!F887B35C8DAC
Cylance: Unsafe
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 005936091 )
BitDefender: AIT:Trojan.Nymeria.1560
K7GW: Trojan ( 005936091 )
Cybereason: malicious.c8dac0
Cyren: W32/ABRisk.CJSH-6753
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.FVUXFFJ
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Autoit-6996111-0
Kaspersky: UDS:Trojan.Win32.Generic
Tencent: Malware.Win32.Gencirc.10b588b8
Ad-Aware: AIT:Trojan.Nymeria.1560
Sophos: Mal/Generic-S
DrWeb: Trojan.Siggen17.49996
VIPRE: AIT:Trojan.Nymeria.1560
TrendMicro: TSPY_ATBOT.SMAR5
McAfee-GW-Edition: BehavesLike.Win32.Generic.vm
Emsisoft: AIT:Trojan.Nymeria.1560 (B)
Ikarus: Trojan.SuspectCRC
Jiangmin: TrojanSpy.MSIL.cuxn
Avira: HEUR/AGEN.1213924
Antiy-AVL: Trojan/Generic.ASCommon.2C0
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: AIT:Trojan.Nymeria.1560
Google: Detected
AhnLab-V3: Spyware/Win.Atbot.C5106658
ALYac: AIT:Trojan.Nymeria.1560
MAX: malware (ai score=87)
VBA32: Trojan.Autoit.Obfus
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_ATBOT.SMAR5
SentinelOne: Static AI - Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: AutoIt/Packed.RN!tr
AVG: Win32:Evo-gen [Trj]
Avast: Win32:Evo-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Autoit.Obfus?

Trojan.Autoit.Obfus removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.