Trojan.Installer removal tips

Trojan.Installer is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Installer virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Installer?

File Info:

name: 9929D2F47087BB498EB1.mlw
path: /opt/CAPEv2/storage/binaries/1320c573a33974ef2ff5ddef25081add1261e63ad2cfe4a8a3556e1309a7132b
crc32: 7AEE8655
md5: 9929d2f47087bb498eb121d01cfa7f4a
sha1: 638918fdcb1d4e73467abf877c52a06fff96c2f0
sha256: 1320c573a33974ef2ff5ddef25081add1261e63ad2cfe4a8a3556e1309a7132b
sha512: 0fd89ec30270e7cd8646b9f7b077fe65ff64ae79976668280b23a5e64a1b2d038d2ef5cc6f29cd701c0aa757327e3afcb35a1a2b1a3e28abf244110bdabc7b0c
ssdeep: 3072:1gnjLOjI4ZIVugFmRCrEG2MBk8JQNNNUJ:KjLOjTZIVuJCRZBk8JQKJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T150B38D1139F8C9B6E1820831DE6D3BF9D1F5D2340E21896B37984D1DAE7D682D205FAB
sha3_384: aa9387f746eafb9d807befd3b859f7d1f77b6adeb9bd14e7076e4dd8eb5f90055476b654f5ccfcd3959069b0f5b78813
ep_bytes: 558bec6aff68e049410068e01d410064
timestamp: 2007-07-22 02:33:09

Version Info:

Comments:
CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX
FileVersion: 1, 2, 0, 715
InternalName: 7ZSfxNew
LegalCopyright: Copyright © 2005-2007 Oleg N. Scherbakov
LegalTrademarks:
OriginalFilename: 7ZSfxNew.exe
PrivateBuild: July 14, 2007
ProductName: 7ZSfxNew
ProductVersion: 1, 2, 0, 715
SpecialBuild:
Translation: 0x0000 0x04b0

Trojan.Installer also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad3.33950
MicroWorld-eScan: Dropped:Trojan.FakeInstaller.B
ClamAV: Win.Dropper.Fakeinstaller-9237668-0
FireEye: Dropped:Trojan.FakeInstaller.B
McAfee: Artemis!2FF1DB1BD01F
CrowdStrike: win/malicious_confidence_60% (D)
K7GW: Trojan ( 004c471d1 )
K7AntiVirus: Trojan ( 004c471d1 )
VirIT: Trojan.Win32.DownLoad3.BYFU
Cyren: W32/FakeInst.DG.gen!Eldorado
Symantec: Downloader.Ponik
ESET-NOD32: MSIL/FakeInstaller.NAD
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan-Downloader.MSIL.Agent.arbb
BitDefender: Dropped:Trojan.FakeInstaller.B
Avast: MSIL:Downloader-OF [Trj]
Emsisoft: Dropped:Trojan.FakeInstaller.B (B)
F-Secure: Trojan.TR/FakeInstaller.cpqbz
VIPRE: Dropped:Trojan.FakeInstaller.B
TrendMicro: TROJ_GEN.R002C0PH721
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.moderate.ml.score
GData: Dropped:Trojan.FakeInstaller.B
Avira: TR/FakeInstaller.cpqbz
Antiy-AVL: Trojan/MSIL.FakeInstaller
Xcitium: Malware@#3a6kr9y0p76yl
Arcabit: Trojan.FakeInstaller.B
ZoneAlarm: Trojan-Downloader.MSIL.Agent.arbb
Microsoft: Program:Win32/Wacapew.C!ml
Google: Detected
ALYac: Dropped:Trojan.FakeInstaller.B
MAX: malware (ai score=81)
VBA32: Trojan.Download
Malwarebytes: Trojan.Installer
TrendMicro-HouseCall: TROJ_GEN.R002C0PH721
Rising: Trojan.FakeInstaller!8.6DC (CLOUD)
Ikarus: AdWare.MSIL.Bhunext
Fortinet: W32/FakeAlert!tr
AVG: MSIL:Downloader-OF [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.Installer?

Trojan.Installer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
