Trojan.Heur.lmKfrGKZnSgb information

Malware Removal

The Trojan.Heur.lmKfrGKZnSgb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Trojan.Heur.lmKfrGKZnSgb virus can do?

  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Heur.lmKfrGKZnSgb?

File Info:

name: 30C9054ED4167F1CB243.mlw
path: /opt/CAPEv2/storage/binaries/4295fa7464c2acd61c2f373991bc95865e2cb49fca5af7b2f51d42b0960c912a
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: Operating System
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.1.2600.5512
InternalName: svchost.exe
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFilename: svchost.exe
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 5.1.2600.5512
Translation: 0x0804 0x03a8

Trojan.Heur.lmKfrGKZnSgb also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Swisyn.4!c
DrWeb: Trojan.Siggen5.36525
MicroWorld-eScan: Gen:Trojan.Heur.lmKfrGKZnSgb
FireEye: Generic.mg.30c9054ed4167f1c
Skyhigh: BehavesLike.Win32.Dropper.cc
McAfee: Artemis!30C9054ED416
Cylance: unsafe
VIPRE: Gen:Trojan.Heur.lmKfrGKZnSgb
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005376ae1 )
BitDefender: Gen:Trojan.Heur.lmKfrGKZnSgb
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.0e6f30
Arcabit: Trojan.Heur.lmKfrGKZnSgb
BitDefenderTheta: AI:Packer.50D4F8211C
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/BlackHole.NBB
APEX: Malicious
Kaspersky: Trojan.Win32.Swisyn.lnv
Alibaba: Trojan:Win32/Swisyn.8aeef580
NANO-Antivirus: Trojan.Win32.Kpo.bfccvo
Rising: Trojan.Spy.Win32.Delf.dqs (CLOUD)
Sophos: Troj/Bnksa-Fam
Google: Detected
F-Secure: Trojan.TR/Crypt.FKM.Gen
Zillya: Trojan.Swisyn.Win32.26537
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Trojan.Heur.lmKfrGKZnSgb (B)
Ikarus: Trojan.Crypt
Jiangmin: Trojan/Swisyn.tvd
Webroot: W32.Bot.Gen
Varist: W32/Threat-SysVenFak-based!Maxi
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Trojan.Generic.a
Xcitium: Suspicious@#3czr5eypxkjzu
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Swisyn.lnv
GData: Gen:Trojan.Heur.lmKfrGKZnSgb
Cynet: Malicious (score: 100)
ALYac: Gen:Trojan.Heur.lmKfrGKZnSgb
MAX: malware (ai score=100)
DeepInstinct: MALICIOUS
VBA32: Trojan.Swisyn
Malwarebytes: RiskWare.SpySoft
Panda: Generic Malware
Tencent: Win32.Trojan.Swisyn.Wmhl
MaxSecure: Trojan.Malware.4579460.susgen
Fortinet: W32/Bnksa.LNV!tr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Heur.lmKfrGKZnSgb?

Trojan.Heur.lmKfrGKZnSgb removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.