Trojan

Trojan.Heur.AutoIT.16 removal

Malware Removal

Trojan.Heur.AutoIT.16 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.AutoIT.16 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Attempts to remove evidence of file being downloaded from the Internet
  • Exhibits behavior characteristic of Nanocore RAT
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system

Related domains:

remitancegp.duckdns.org

How to identify Trojan.Heur.AutoIT.16?


File Info:

crc32: BD7B7CFA
md5: 21d7d96203900dac88fa2da859916b87
name: 21D7D96203900DAC88FA2DA859916B87.mlw
sha1: b7a3b60d4f7d4a2d8d13c50af5a3f9cc9d87bd91
sha256: ead3450fd9bd8411e3346c4154f433a070b4619c49826f60184dfc52285d5c64
sha512: 6861aee489a532f3f5fbbb88a709ebd8ebab4df21910d6c01edf205dd759c4b0ac6465c12040c39c20906c389ffa19ef0fabfa8873e7b1609c299f91d01c4a46
ssdeep: 24576:+rl6kD68JmloOGX9FpAk6SAl/+PiHTg6b9V:8l328U2TXnpt4WP8Tg6T
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: RMActivate
FileVersion: 883.639.551.178
CompanyName: tabcal
ProductName: xcopy
ProductVersion: 25.862.807.771
FileDescription: sftp
OriginalFilename: diskperf
Translation: 0x0409 0x04b0

Trojan.Heur.AutoIT.16 also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.AutoIT.16
FireEye: Generic.mg.21d7d96203900dac
CAT-QuickHeal: Backdoor.AutoIt
VIPRE: Packer.NSAnti.Gen (v)
Sangfor: Malware
K7AntiVirus: Trojan ( 700000111 )
BitDefender: Gen:Trojan.Heur.AutoIT.16
K7GW: Trojan ( 700000111 )
Cybereason: malicious.203900
TrendMicro: Trojan.AutoIt.CRYPTINJECT.SMA
Cyren: W32/AutoIt.QA2.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: AutoIt:Injector-JF [Trj]
ClamAV: Win.Malware.Nymeria-6963007-0
Kaspersky: Backdoor.Win32.AutoIt.ed
Rising: PUF.Pack-AutoIt!1.B8E7 (CLASSIC)
Ad-Aware: Gen:Trojan.Heur.AutoIT.16
Sophos: Troj/AutoIt-CLG
F-Secure: Heuristic.HEUR/AGEN.1114570
DrWeb: Trojan.AutoIt.421
Invincea: ML/PE-A + Troj/AutoIt-CLG
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.cc
Emsisoft: Gen:Trojan.Heur.AutoIT.16 (B)
Avira: HEUR/AGEN.1114570
MAX: malware (ai score=83)
Antiy-AVL: GrayWare/Autoit.ShellCode.a
Microsoft: Trojan:Win32/AutoitInject.BH!MTB
Arcabit: Trojan.Heur.AutoIT.16
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
ZoneAlarm: Backdoor.Win32.AutoIt.ed
GData: Gen:Trojan.Heur.AutoIT.16
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C3201746
Acronis: suspicious
McAfee: Packed-FTE!21D7D9620390
Malwarebytes: Trojan.MalPack.Generic
ESET-NOD32: a variant of Win32/Packed.AutoIt.PK
TrendMicro-HouseCall: Trojan.AutoIt.CRYPTINJECT.SMA
Tencent: Malware.Win32.Gencirc.10ce12d3
Ikarus: Trojan-Spy.HawkEye
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: AutoIt/Scar.RWET!tr
BitDefenderTheta: AI:Packer.D2112E0817
AVG: AutoIt:Injector-JF [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Heur.AutoIT.16?

Trojan.Heur.AutoIT.16 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.