Fake Trojan

Trojan.FakeMS.ED malicious file

Malware Removal

The Trojan.FakeMS.ED is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.FakeMS.ED virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • Performs some HTTP requests
  • Attempts to remove evidence of file being downloaded from the Internet
  • Detects Sandboxie through the presence of a library
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Attempts to create or modify system certificates
  • Anomalous binary characteristics

Related domains:

www.adobe.com
simpledomain.biz

How to determine Trojan.FakeMS.ED?



File Info:

crc32: AE6E091D
md5: a1593e5709f46628bd19c92905a2dc7b
name: A1593E5709F46628BD19C92905A2DC7B.mlw
sha1: 1f27053a46e6af89d025932616376d3397bfe32c
sha256: f8ced96c3a506495b48fc2b5c5ba16d953e265a52cf2d98c162d24da6ad0d1f7
sha512: ec268f27952b24aeab4d93c466b525111c167f04a75cd78d85b7fe7af875ee80dca4d9ea75e818ca84fee5fdad1eef7622618e78cebc366355958997a3990007
ssdeep: 1536:HPFXXuycAxt5Mma8C74rqxbVXKnoZCytDKkW44hDubuLwR4T+dF0+3Uow:vFXXBoT7aoVanSmg4ZubusmgFz3dw
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright xa9 Hilgraeve, Inc. 2001
InternalName: HyperTrm
FileVersion: 5.1.2600.0
CompanyName: Hilgraeve, Inc.
LegalTrademarks: HyperTerminal xae is a registered trademark of Hilgraeve, Inc. 
Comments: HyperTerminal xae was developed by Hilgraeve, Inc. for Microsoft
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 5.1.2600.0
FileDescription: HyperTerminal Applet
OriginalFilename: HYPERTRM.EXE
Translation: 0x0409 0x0000

Trojan.FakeMS.ED also known as:

BkavW32.AIDetectVM.malware1
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Razy.45353
ALYacGen:Variant.Razy.45353
CylanceUnsafe
VIPRETrojan.Win32.Reveton.a (v)
SangforMalware
K7AntiVirusTrojan ( 005224381 )
BitDefenderGen:Variant.Razy.45353
K7GWTrojan ( 005224381 )
Cybereasonmalicious.709f46
BitDefenderThetaGen:NN.ZexaF.34804.iq0@aKG!g5ni
SymantecPacked.Generic.459
ESET-NOD32a variant of Win32/Kryptik.FHBM
BaiduWin32.Trojan.Kryptik.alb
APEXMalicious
AvastWin32:Evo-gen [Susp]
KasperskyBackdoor.Win32.Androm.opls
NANO-AntivirusTrojan.Win32.Androm.evkqly
AegisLabTrojan.Multi.Generic.4!c
Ad-AwareGen:Variant.Razy.45353
SophosML/PE-A + Mal/Cerber-K
ComodoTrojWare.Win32.Kryptik.ERJ@6l0vie
F-SecureHeuristic.HEUR/AGEN.1125229
TrendMicroRansom_HPCERBER.SM3
McAfee-GW-EditionGenericRXLD-FR!A1593E5709F4
FireEyeGeneric.mg.a1593e5709f46628
EmsisoftGen:Variant.Razy.45353 (B)
SentinelOneStatic AI – Suspicious PE – Ransomware
AviraHEUR/AGEN.1125229
MAXmalware (ai score=100)
Antiy-AVLTrojan[Backdoor]/Win32.Androm
MicrosoftTrojanDownloader:Win32/Dofoil.AC
ArcabitTrojan.Razy.DB129
ZoneAlarmBackdoor.Win32.Androm.opls
GDataGen:Variant.Razy.45353
CynetMalicious (score: 100)
Acronissuspicious
McAfeeGenericRXLD-FR!A1593E5709F4
VBA32BScope.Backdoor.Vawtrak
MalwarebytesTrojan.FakeMS.ED
PandaTrj/Hexas.HEU
TrendMicro-HouseCallRansom_HPCERBER.SM3
RisingTrojan.Kryptik!8.8 (CLOUD)
IkarusWin32.Karagany
FortinetW32/Dridex.IZC!tr
AVGWin32:Evo-gen [Susp]
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_100% (W)
Qihoo-360Win32/Backdoor.7d1

How to remove Trojan.FakeMS.ED?

Trojan.FakeMS.ED removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment