
How to remove “Trojan-Downloader.Win32.GCleaner”?


The Trojan-Downloader.Win32.GCleaner is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.GCleaner virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary

How to identify Trojan-Downloader.Win32.GCleaner?

File Info:

name: C70FF6464A110B77FCFA.mlw
path: /opt/CAPEv2/storage/binaries/4c2a2053a0ef0947d1e9b3440d94d56d784d53e507b70fe51c3b39c49b64ea8d
crc32: 5CCB8530
md5: c70ff6464a110b77fcfaaadd1c366e90
sha1: 13750e3256f55d71b29180133ede12279b34162e
sha256: 4c2a2053a0ef0947d1e9b3440d94d56d784d53e507b70fe51c3b39c49b64ea8d
sha512: 6443375883b1d8f207fee77c4f9dff854c499d11335bf15ae28289e3d19a5858de3671bb8fb3918787bcc929ff627be4cbf9f99245cbb775326fceb7a7c2dd41
ssdeep: 98304:dZ+SicZBRNFouGsUvc6GwO2SRd6Ftiw80castFumnrEOOQ:igrLKuGsUvMLOFMx0cxc0rf5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16A3633A0CC8308B7F4168974686CC849D9BEBCD75A386DA07E9CEA7CBD17D6279D4301
sha3_384: 0a506827bff1857d00845b8ea67aec1602aef8e8fc98067311cb550bbd419eeaf4b87ab08d11f8aa403467dda51f2b70
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17 (this is the fixed value the Delphi linker writes into every Inno Setup installer, not the real build date, so it cannot be used to date the sample)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: LFD "SysDev Lafd"
FileDescription: Data Recovery for HFS+ Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan-Downloader.Win32.GCleaner also known as:

  • McAfee: Artemis!C70FF6464A11
  • K7AntiVirus: Trojan ( 005722fe1 )
  • Alibaba: TrojanDownloader:Win32/GCleaner.2ae08949
  • K7GW: Trojan ( 005722fe1 )
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Kaspersky: HEUR:Trojan-Downloader.Win32.GCleaner.gen
  • Avast: Win32:Trojan-gen
  • McAfee-GW-Edition: Artemis
  • Trapmine: malicious.moderate.ml.score
  • Jiangmin: Trojan.Ekstak.bvhp
  • Avira: TR/Drop.Agent.hprqf
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Win32.Trojan.Kryptik.7G9U4T
  • Cynet: Malicious (score: 99)
  • Malwarebytes: Adware.DownloadAssistant
  • Ikarus: Trojan-Dropper.Win32.Agent
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Trojan-gen

How to remove Trojan-Downloader.Win32.GCleaner?

Trojan-Downloader.Win32.GCleaner removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.