Trojan-Banker.Win32.RTM.gpr removal guide

Trojan-Banker.Win32.RTM.gpr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.RTM.gpr virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.RTM.gpr?

File Info:

crc32: F8D9A668
md5: cde2161c828b9760cca8c26c3c46d893
name: CDE2161C828B9760CCA8C26C3C46D893.mlw
sha1: db1a6a704d9a9c65656514d4c7f13b0faed26251
sha256: 9cd601ba6eb7f3d2d80aa784e05d8de802d58fd23fd50d040d22602ab12cc986
sha512: 3fbcc8de27d777ff9520aa8f71addeedffc474be40107457989aa964880af117aa3d2c19aa020dbd32cd724c4dcce82eeab9ded023770561b3e56560bd17e2c0
ssdeep: 6144:x/+9DR9L2Y6fGKUjts0/UCLk3+gA5sE5uHd:RkvIfnMs596S9
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan-Banker.Win32.RTM.gpr also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.72161
FireEye: Generic.mg.cde2161c828b9760
ALYac: Trojan.GenericKDZ.72161
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Spyware ( 0040f0131 )
BitDefender: Trojan.GenericKDZ.72161
K7GW: Spyware ( 0040f0131 )
CrowdStrike: win/malicious_confidence_90% (D)
BitDefenderTheta: Gen:NN.ZedlaF.34700.nE4@aa8g2Aii
Cyren: W32/Kryptik.CUW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: Trojan-Banker.Win32.RTM.gpr
Tencent: Malware.Win32.Gencirc.10ce2b66
Ad-Aware: Trojan.GenericKDZ.72161
Sophos: ML/PE-A + Mal/EncPk-APV
McAfee-GW-Edition: BehavesLike.Win32.Trojan.vz
Emsisoft: Trojan.GenericKDZ.72161 (B)
Jiangmin: Trojan.Banker.RTM.tz
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Microsoft: Trojan:Win32/Wacatac.B!ml
Gridinsoft: Trojan.Win32.Kryptik.oa!s1
Arcabit: Trojan.Generic.D119E1
ZoneAlarm: Trojan-Banker.Win32.RTM.gpr
GData: Trojan.GenericKDZ.72161
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.R359732
McAfee: W32/PinkSbot-HF!CDE2161C828B
MAX: malware (ai score=85)
VBA32: BScope.Backdoor.Qbot
Malwarebytes: Trojan.TrickBot
ESET-NOD32: a variant of Win32/Kryptik.HIKD
Rising: Trojan.Kryptik!8.8 (TFE:2:ItOo6ejRx2)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Kryptik.HDNN!tr
AVG: Win32:Trojan-gen
Qihoo-360: HEUR/QVM40.1.2405.Malware.Gen

How to remove Trojan-Banker.Win32.RTM.gpr?

Trojan-Banker.Win32.RTM.gpr removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.