Fake Trojan

Trojan-FakeAV.Win32.XpAntivirus.wuy removal

Malware Removal

Trojan-FakeAV.Win32.XpAntivirus.wuy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Trojan-FakeAV.Win32.XpAntivirus.wuy virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the "shellcode get eip" malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan-FakeAV.Win32.XpAntivirus.wuy?

File Info:

name: 5CD6A43A0984347ADFD4.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-07-21 13:32:58

Version Info:

CompanyName: Spotify Ltd
FileDescription: SpotifyInstaller
FileVersion: 0,0,0,0
InternalName: SpotifyInstaller
LegalCopyright: Copyright (c) 2015, Spotify Ltd
OriginalFilename: SpotifyInstaller.exe
ProductName: Spotify
ProductVersion: 1.0.10.107.gd0dfca3a
Translation: 0x0000 0x04b0

Trojan-FakeAV.Win32.XpAntivirus.wuy also known as:

Bkav: W32.AIDetectMalware
Skyhigh: BehavesLike.Win32.BadFile.dc
McAfee: Artemis!5CD6A43A0984
Alibaba: Trojan:Win32/XpAntivirus.3b6a97a0
Cynet: Malicious (score: 100)
Kaspersky: Trojan-FakeAV.Win32.XpAntivirus.wuy
NANO-Antivirus: Trojan.Win32.FakeAV.exivpo
DrWeb: Trojan.DownLoader26.13202
Jiangmin: Trojan.Generic.djegi
ZoneAlarm: Trojan-FakeAV.Win32.XpAntivirus.wuy
Cylance: unsafe
Rising: Trojan.FakeAV!8.175 (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/grayware_confidence_60% (D)

How to remove Trojan-FakeAV.Win32.XpAntivirus.wuy?

Trojan-FakeAV.Win32.XpAntivirus.wuy removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.