About “Trojan.Heur.RP.emKfbiSgX7mi” infection

The Trojan.Heur.RP.emKfbiSgX7mi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Heur.RP.emKfbiSgX7mi virus can do?

The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity detected but not expressed in API logs

How to determine Trojan.Heur.RP.emKfbiSgX7mi?


File Info:
crc32: DEC49DEB
md5: 33805d14f9c737557477c52fad6d24e2
name: 33805D14F9C737557477C52FAD6D24E2.mlw
sha1: 1d2dbbb036ce3f57da948ff1a3063d0c7e8ee969
sha256: c4078ee15615267205901155b4fe8ed85afa0a788dc58c3e7d859f66e5d9873e
sha512: 98cc7545867ebaebd337d38d7043b24e2cc40df538fac6d17ad3f4b8116cab7e63ce74571489e3227e1be998f875db963c9d6cb435b496fe4865bb17259c51ce
ssdeep: 1536:LkdXRBV/N1WkWltDvbl3+O2kP+KabSxTjeQAYCqvlt1w:LIhBV/+3vR3VIKU9qvlt1w
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright (C) 2011 by ValiantChaos
InternalName: VCBMH.exe
FileVersion: 133.1.0.3
ProductVersion: 133.1.0.3
FileDescription: Hack loader
OriginalFilename: VCBMH.exe
Translation: 0x0409 0x04b0

Trojan.Heur.RP.emKfbiSgX7mi also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Emkfaisgx.4!c
ALYac	Gen:Trojan.Heur.RP.emKfbiSgX7mi
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.4f9c73
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Spyware-gen [Spy]
BitDefender	Gen:Trojan.Heur.RP.emKfbiSgX7mi
NANO-Antivirus	Trojan.Win32.Ransom.clnqb
MicroWorld-eScan	Gen:Trojan.Heur.RP.emKfbiSgX7mi
Ad-Aware	Gen:Trojan.Heur.RP.emKfbiSgX7mi
Comodo	Malware@#tfehi3idl11w
BitDefenderTheta	AI:Packer.2EED841D1F
McAfee-GW-Edition	BehavesLike.Win32.Upatre.lc
FireEye	Generic.mg.33805d14f9c73755
Emsisoft	Gen:Trojan.Heur.RP.emKfbiSgX7mi (B)
eGambit	Unsafe.AI_Score_80%
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Heur.RP.emKfbiSgX7mi
GData	Gen:Trojan.Heur.RP.emKfbiSgX7mi
McAfee	Artemis!33805D14F9C7
MAX	malware (ai score=84)
Yandex	Trojan.GenAsa!8Q3GGoHVdpk
SentinelOne	Static AI – Malicious PE
AVG	Win32:Spyware-gen [Spy]
Paloalto	generic.ml

How to remove Trojan.Heur.RP.emKfbiSgX7mi?

Trojan.Heur.RP.emKfbiSgX7mi removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X