Trojan.Dropper.SFXAI removal tips

The Trojan.Dropper.SFXAI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Dropper.SFXAI virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Detected script timer window indicative of sleep style evasion
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
A scripting utility was executed
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to stop active services
Installs itself for autorun at Windows startup
Creates a hidden or system file
Interacts with known DarkComet registry keys
The sample wrote data to the system hosts file.
Creates known Fynloski/DarkComet mutexes

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan.Dropper.SFXAI?


File Info:
crc32: 36AE6932
md5: 7c995e3520c50bd7102abc6eb2caf3a7
name: 7C995E3520C50BD7102ABC6EB2CAF3A7.mlw
sha1: a14febc6a392f3e7b528a8673baa5d2d155f1e05
sha256: 61469cd1428330861a70c9e6421f2e590bf93f235cb65416073c3abd8b75389b
sha512: cba55b87257b55662a8a43aa0b26fa790a37d0471d8ecfc34d5b04c3dd5868f5e60bc2d40de7dee870d72097b039b38096fa1ec6a488df9f0b72106fa1bcbc8c
ssdeep: 24576:caUxvxK4jY1G970h5iN+Z5H5w+8YCWFqupsbsiBhzCHlrl+rH6GGXT9aC4tdNZHs:wJKGIhrZpG+8YLygiB45l+rgj9IdNFLA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan.Dropper.SFXAI also known as:

MicroWorld-eScan	Trojan.Generic.13018638
FireEye	Trojan.Generic.13018638
CAT-QuickHeal	TrojanDropper.Slipafext
Qihoo-360	Win32/Backdoor.PoisonIvy.HwYD4t8A
ALYac	Trojan.Generic.13018638
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic.pak!cobra
AegisLab	Trojan.Win32.Generic.4!c
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.Generic.13018638
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.520c50
BitDefenderTheta	AI:Packer.86E61DA51F
Symantec	Trojan.Gen.MBT
TrendMicro-HouseCall	TROJ_GEN.R002C0DAQ21
Avast	Win32:Malware-gen
Kaspersky	Backdoor.Win32.Poison.jpxq
Alibaba	Backdoor:Win32/Poison.68fba014
NANO-Antivirus	Trojan.Win32.Poison.iiwzid
ViRobot	Trojan.Win32.Z.Dropper.1316962
Ad-Aware	Trojan.Generic.13018638
Sophos	Mal/Generic-S
Comodo	Application.Win32.BlkIC.IMG@1qp8gx
F-Secure	Trojan.TR/Dropper.Gen
TrendMicro	TROJ_GEN.R002C0DAQ21
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Emsisoft	Trojan.Generic.13018638 (B)
Ikarus	Trojan.Dropper
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen
Microsoft	TrojanDropper:Win32/Slipafext.A
Arcabit	Trojan.Generic.DC6A60E
ZoneAlarm	Backdoor.Win32.Poison.jpxq
GData	Trojan.Generic.13018638
Cynet	Malicious (score: 90)
McAfee	GenericR-DDC!7C995E3520C5
MAX	malware (ai score=81)
Malwarebytes	Trojan.Dropper.SFXAI
Panda	Trj/CI.A
APEX	Malicious
ESET-NOD32	Win32/Fynloski.AA
Rising	Worm.VBInjectEx!1.99E6 (CLASSIC)
Yandex	Trojan.Agent!wTU3m7o9E04
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/GenericR.DDC!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan.Dropper.SFXAI?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan.Dropper.SFXAI removal tips