Trojan-Downloader.Win32.GCleaner.pa removal guide

The Trojan-Downloader.Win32.GCleaner.pa is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.GCleaner.pa virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary

How to identify Trojan-Downloader.Win32.GCleaner.pa?

File Info:

name: BEF53FD9421BEDBF3F53.mlw
path: /opt/CAPEv2/storage/binaries/bcc7c026b916673e4fac551e5aafb2e000741fb75022379f27e6848d7238eb8c
crc32: 3CC87BF5
md5: bef53fd9421bedbf3f53611b4e004543
sha1: 3fa3c4b58f407fb7ae1f40b2a89d5ba97db4843e
sha256: bcc7c026b916673e4fac551e5aafb2e000741fb75022379f27e6848d7238eb8c
sha512: dd67b296051ec87149e1242a736843baac82d9c9567aebd4a64c4918925421be5efc896a635d2c886516da1483b1b5fac104497f25dedd09568c492d1889bc0b
ssdeep: 24576:SfOySCwTP37Vm8UAGEy0vwo5IvtMtY+YUSJHv1FX3cVnCQShNa4MA5l0zJEHbE8N:SGvZTDVvGl7HmYr7c9Crw4MtdEXN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T186553367DB9B4036E622E7B40DDA89616F3A7C65B33C5084BF8C0C6E1F1638192B2757
sha3_384: e1f701d120430a964c5bc9b753fd5eb1c6a27207ee3092b1ad88d7c79b6ae3fb7ead2cf09fa772c1a6b02727f2df9abe
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Nvidm Labs, Inc.
FileDescription: Virtual Disk Manager
FileVersion: 1.0.0.10
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan-Downloader.Win32.GCleaner.pa is also known as:

  • Cylance: Unsafe
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • APEX: Malicious
  • Kaspersky: Trojan-Downloader.Win32.GCleaner.pa
  • Avast: Win32:Adware-gen [Adw]
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: Artemis
  • GData: Win32.Malware.GleaMal.C7L7FJ
  • Jiangmin: Trojan.Ekstak.bvsc
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • McAfee: Artemis!BEF53FD9421B
  • Fortinet: Riskware/Agent
  • AVG: Win32:Adware-gen [Adw]

How to remove Trojan-Downloader.Win32.GCleaner.pa?

Trojan-Downloader.Win32.GCleaner.pa removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.