Trojan-Banker.Win32.RTM.hvg information

Trojan-Banker.Win32.RTM.hvg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.RTM.hvg virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.RTM.hvg?

File Info:

crc32: 1DD8C206
md5: eba04dce6980a695e7563ab1962ad0aa
name: EBA04DCE6980A695E7563AB1962AD0AA.mlw
sha1: 53ab7fd5c0c56e0a46a2ae318ad2a94704a90e6c
sha256: ceb4b15d1a953f0ca65250bf7e70bdcf8820b6e512d2f833e520fed842f4c438
sha512: 456958b0e64a0fbdef1cf48f43378c87808db10bc801bd51c40941a0a648ab22b63a305cacd5c6bdf67e7f3c7d6d1040101eff4e81f12266b358dd1cd60c0eaa
ssdeep: 6144:4wsjfhIZ77mLRMtvGUpRGcZ8yhHVh8f45mlazlIEVDe7PEHf:rAhIZ77mL+pMxyVL8fePzlIRc/
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Connect to a Network Projector
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
FileDescription: Connect to a Network Projector
OriginalFilename: NetProj.exe
Translation: 0x0409 0x04b0

Trojan-Banker.Win32.RTM.hvg also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35949170
FireEye: Generic.mg.eba04dce6980a695
Qihoo-360: HEUR/QVM40.1.4FD7.Malware.Gen
McAfee: GenericRXNE-MP!EBA04DCE6980
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 005757e21 )
BitDefender: Trojan.GenericKD.35949170
K7GW: Trojan ( 005757e21 )
CrowdStrike: win/malicious_confidence_80% (D)
APEX: Malicious
Kaspersky: Trojan-Banker.Win32.RTM.hvg
Ad-Aware: Trojan.GenericKD.35949170
Sophos: ML/PE-A + Mal/EncPk-APV
McAfee-GW-Edition: BehavesLike.Win32.Trojan.vt
Emsisoft: Trojan.GenericKD.35949170 (B)
MAX: malware (ai score=87)
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Microsoft: Trojan:Win32/Qakbot.MK!MTB
Arcabit: Trojan.Generic.D2248A72
ZoneAlarm: Trojan-Banker.Win32.RTM.hvg
GData: Trojan.GenericKD.35949170
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZedlaF.34700.uw8@a8i3Wkni
ALYac: Trojan.GenericKD.35949170
VBA32: BScope.Trojan.Diple
ESET-NOD32: a variant of Win32/Kryptik.HILY
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Fortinet: W32/Kryptik.HIDC!tr

How to remove Trojan-Banker.Win32.RTM.hvg?

Trojan-Banker.Win32.RTM.hvg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.