Trojan.ExplorerHijack.Ny0aaKoe2Cfb removal

Trojan.ExplorerHijack.Ny0aaKoe2Cfb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.ExplorerHijack.Ny0aaKoe2Cfb virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks for the presence of known devices from debuggers and forensic tools
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.ExplorerHijack.Ny0aaKoe2Cfb?


File Info:

crc32: FA0F15C2
md5: 3499c0cfc9d30d2637867d55822c03dc
name: 3499C0CFC9D30D2637867D55822C03DC.mlw
sha1: 3c852fc54c7ca4130939da38b12a71dcef8785fb
sha256: 45fc8f2107a0bbb1324e69404d8dd60db0fa742c6b784205a5f3444d7be2a22c
sha512: 39f862329e92c0dca049fb6520cda6a2980f6b7ff419a229d0308db4172add93055b636ce638e32de947f0f6f303c499675930f9b3c6335f869595593b81306c
ssdeep: 12288:R/IY2iLUhXtAJITTj2hhs/tN/KFAsF3Z4mxxs0MHoTAFbX:R/EiLUh+UEYX/EQmXsKc
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) Microsoft Corporation. All rights reserved.
InternalName: Wextract
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
FileDescription: Win32 Cabinet Self-Extractor
OriginalFilename: WEXTRACT.EXE
Translation: 0x0804 0x04b0

Trojan.ExplorerHijack.Ny0aaKoe2Cfb also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005376ae1 )
Lionic: Trojan.Win32.Hupigon.lhwH
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.Based
Cynet: Malicious (score: 100)
ALYac: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb
Cylance: Unsafe
Zillya: Backdoor.Prosti.Win32.405
Sangfor: Trojan.Win32.Black.d
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Backdoor:Win32/Hupigon.44d3819c
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.fc9d30
Cyren: W32/Hupigon.O.gen!Eldorado
ESET-NOD32: Win32/Packed.ASProtect.AAB
Zoner: Probably Heur.ExeHeaderH
APEX: Malicious
Avast: FileRepMalware
ClamAV: Win.Trojan.Hupigon-6950520-0
Kaspersky: Packed.Win32.Black.d
BitDefender: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb
NANO-Antivirus: Trojan.Win32.Prosti.jdvl
ViRobot: Backdoor.Win32.Prosti.644608
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb
Ad-Aware: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb
Sophos: ML/PE-A + Mal/Behav-270
Comodo: Packed.Win32.Aspack.AB@1s8lrk
BitDefenderTheta: AI:Packer.A438506A1D
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Mal_Pai-6
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.3499c0cfc9d30d26
Emsisoft: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb (B)
Jiangmin: Backdoor/Prosti.aus
Webroot: Vir.Tool.Gen
Avira: TR/Dropper.Gen
eGambit: Generic.Malware
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Trojan.ExplorerHijack.Ny0aaKoe2Cfb
AhnLab-V3: Trojan/Win32.Graybird.C243410
Acronis: suspicious
McAfee: Artemis!3499C0CFC9D3
MAX: malware (ai score=100)
VBA32: Trojan-Dropper.Kaos
Malwarebytes: Malware.AI.3214257140
Panda: Bck/Prosti.BE
TrendMicro-HouseCall: Mal_Pai-6
Yandex: Backdoor.Prosti!XLLjchAnL80
Ikarus: Packer.Win32.Klone.ao
Fortinet: W32/Hupigon.GE!tr.bdr
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Trojan.ExplorerHijack.Ny0aaKoe2Cfb?

Trojan.ExplorerHijack.Ny0aaKoe2Cfb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
