Trojan.Generic.30173830 removal instruction

Trojan.Generic.30173830 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.Generic.30173830 virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Saami
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

api.2ip.ua
securebiz.org
tbpws.top

How to determine Trojan.Generic.30173830?
File Info:

crc32: DEA2A9D4
md5: f8d523b06e51f69ed57e674db932ac3b
name: F8D523B06E51F69ED57E674DB932AC3B.mlw
sha1: 040ab9366ff2010ecdfe2111743e06653b0a041e
sha256: e5cceee07167bcac472b4d7286bd6afe892ad5241f36e7eec85e70ce16aaeadf
sha512: 1029d8acd9c4dc6864d0beaa722f829746f9f4f4cea6c96391faeac0725cdd54030213d0b2c4f7521fd90ab0aae235661c671921a5fb4e54d7144c0e56094b48
ssdeep: 12288:jZq3qcMsKNbMPKq5bLSTBpzt+dn5ymhQ4Iq6KVHuEQc8G8Y5Zd9WWE59/diQ93w:jY3qcv758JQdn5Ik6KVK7A5L1iiQR
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x1209 0x052d

Trojan.Generic.30173830 also known as:

Bkav: W32.PythiaY.Trojan
Elastic: malicious (high confidence)
DrWeb: BackDoor.Tofsee.199
ClamAV: Win.Malware.Raccoon-9894356-1
CAT-QuickHeal: Ransom.Stop.Z5
ALYac: Gen:Variant.Fragtor.23876
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/Kryptik.EYC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HMNP
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Trojan.Generic.30173830
NANO-Antivirus: Trojan.Win32.Tofsee.jcbokp
MicroWorld-eScan: Trojan.Generic.30173830
Ad-Aware: Trojan.Generic.30173830
Sophos: Mal/Generic-R + Troj/Krypt-CZ
BitDefenderTheta: Gen:NN.ZexaF.34170.Vu0@aWmCpNoO
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
FireEye: Generic.mg.f8d523b06e51f69e
Emsisoft: Trojan.Generic.30173830 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/AD.InstaBot.nutbf
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:Win32/StopCrypt.MGK!MTB
Gridinsoft: Ransom.Win32.STOP.bot!se57876
GData: Trojan.Generic.30173830
AhnLab-V3: Trojan/Win.Racealer.R442289
Acronis: suspicious
McAfee: Packed-GDT!F8D523B06E51
MAX: malware (ai score=82)
VBA32: Malware-Cryptor.Azorult.gen
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
Rising: Trojan.Kryptik!1.D975 (CLASSIC)
Ikarus: Trojan.Win32.Glupteba
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HMNW!tr
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml

How to remove Trojan.Generic.30173830?

Trojan.Generic.30173830 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.