Trojan-Spy.MSIL.Keylogger.czkx removal guide

Many security experts consider Trojan-Spy.MSIL.Keylogger.czkx dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.MSIL.Keylogger.czkx virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Spy.MSIL.Keylogger.czkx?


File Info:

name: 0400E849ED0CAC082A1F.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-11-16 15:11:25

Version Info:

Translation: 0x0000 0x04b0
Comments: Download multiple video from Youtube
CompanyName: Phan mem tien ich Viet
FileDescription: Youtube Multi Downloader v3
FileVersion: 3.0.0.5
InternalName: Youtube Multi Downloader Version 3.exe
LegalCopyright: Copyright © phanmemtienich.net 2013
OriginalFilename: Youtube Multi Downloader Version 3.exe
ProductName: Youtube Multi Downloader v3
ProductVersion: 3.0.0.5
Assembly Version: 3.0.0.5

Trojan-Spy.MSIL.Keylogger.czkx also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.lKSe
Elastic: malicious (moderate confidence)
ClamAV: Win.Packed.Zapchast-6887881-0
FireEye: Generic.mg.0400e849ed0cac08
McAfee: Artemis!0400E849ED0C
Zillya: Trojan.Keylogger.Win32.6
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.52fac0
APEX: Malicious
Kaspersky: Trojan-Spy.MSIL.Keylogger.czkx
Alibaba: TrojanSpy:MSIL/Keylogger.982e23d2
Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:MLV64joyxcx49av1HTQD/A)
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
Trapmine: malicious.high.ml.score
SentinelOne: Static AI – Malicious PE
Webroot: W32.Malware.Gen
ZoneAlarm: Trojan-Spy.MSIL.Keylogger.czkx
Google: Detected
Ikarus: Backdoor.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.BDI!tr
BitDefenderTheta: Gen:NN.ZemsilF.34606.Tm0@amALS0c
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan-Spy.MSIL.Keylogger.czkx?

Trojan-Spy.MSIL.Keylogger.czkx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
