About “Trojan-Banker.Win32.ClipBanker.qke” infection

The Trojan-Banker.Win32.ClipBanker.qke is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.ClipBanker.qke virus do?

  • Attempts to connect to a dead IP:Port (3 unique times)
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Vietnamese
  • Looks up the external IP address
  • Creates a hidden or system file
  • Checks the version of BIOS, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:


How to identify Trojan-Banker.Win32.ClipBanker.qke?


File Info:

crc32: EE0E941D
md5: aab46061c7167738773da5d9cfd95fd8
name: AAB46061C7167738773DA5D9CFD95FD8.mlw
sha1: 6e155abb712e244c3f0b630a72610567ef126fd5
sha256: 179c495abd731f849edcae588ef0f67978d9531cae1239e2eb3d3c1cee1bfff0
sha512: 8ebf7e79c7adc372359091a1ce8fb86c047b19f984a29f58ddfc9a489ff05345acef6b6792e324f9b7652ffa13d45e0f7d6b3475046252845d6f32f85f19af3c
ssdeep: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaJ/45:gh+ZkldoPK8YaJG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: AutoPro by PTV ©2013-2021
FileVersion: 3.3.14.5
CompanyName: AutoPro by PTV ©2013-2021
LegalTradeMarks: AutoPro by PTV ©2013-2021
Comments: AutoPro by PTV ©2013-2021
ProductName: AutoPro by PTV ©2013-2021
ProductVersion: 3.3.14.5
FileDescription: AutoPro by PTV ©2013-2021
Translation: 0x042a 0x04b0

Trojan-Banker.Win32.ClipBanker.qke also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Gamehack.3!e
Cylance: Unsafe
APEX: Malicious
Avast: FileRepMalware
Kaspersky: Trojan-Banker.Win32.ClipBanker.qke
BitDefender: Trojan.GenericKD.37507671
MicroWorld-eScan: Trojan.GenericKD.37507671
Ad-Aware: Trojan.GenericKD.37507671
FireEye: Trojan.GenericKD.37507671
Emsisoft: Trojan.GenericKD.37507671 (B)
Arcabit: Trojan.Generic.D23C5257
ZoneAlarm: Trojan-Banker.Win32.ClipBanker.qke
McAfee: Artemis!AAB46061C716
MAX: malware (ai score=89)
Ikarus: Trojan.Agent
Fortinet: Malicious_Behavior.SB
AVG: FileRepMalware

How to remove Trojan-Banker.Win32.ClipBanker.qke?

Trojan-Banker.Win32.ClipBanker.qke removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
