Trojan

Trojan.Staser removal guide

Malware Removal

The Trojan.Staser is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Staser virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Drops a binary and executes it
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to determine Trojan.Staser?



File Info:

crc32: 671F6005
md5: 615097e39bf64fe1b31522b90c0c15bf
name: tzJWa0WCH.exe
sha1: 3877dc5936445f4f5b1a880013ccec0346c170e0
sha256: 2487f6b24eb7975a42e8a09b9b73070b0e9ce016c0bfc21b6067e8029a93dc0d
sha512: e5392add683a38b41ff0efbfb2c8ec6ae8d3b652b0251de12505ef18e8746e7dbcb40059c46ffbcc186dd96a0f88e0139dfb780a61519bbfdf58f558cac26c3f
ssdeep: 6144:BoZPIjDRcA0lMq7UtVYe6ciL026uCHgUexyHvolUAfbzfCAjfZcyepWitV:BoZMDRN17tVQLOAgkVcyeQ
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (C) 2002
InternalName: MCIWndWrapper
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: MCIWndWrapper Application
ProductVersion: 1, 0, 0, 1
FileDescription: MCIWndWrapper MFC Application
OriginalFilename: MCIWndWrapper.EXE
Translation: 0x0409 0x04b0

Trojan.Staser also known as:

BkavW32.NektoGM.Trojan
DrWebTrojan.Emotet.762
MicroWorld-eScanTrojan.GenericKD.42136462
FireEyeTrojan.GenericKD.42136462
CAT-QuickHealTrojan.Staser
ALYacTrojan.GenericKD.42136462
VIPRETrojan.Win32.Generic!BT
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderTrojan.GenericKD.42136462
K7GWRiskware ( 0040eff71 )
TrendMicroTrojanSpy.Win32.EMOTET.THLBCAI
BitDefenderThetaGen:NN.ZexaCO.33558.Oy1@aOgoVWhi
F-ProtW32/Emotet.ADV.gen!Eldorado
SymantecTrojan Horse
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Dropper.Emotet-7465502-0
GDataTrojan.GenericKD.42136462
KasperskyTrojan-Banker.Win32.Emotet.eofq
ViRobotTrojan.Win32.Emotet.667848
AegisLabTrojan.Win32.Emotet.L!c
RisingTrojan.Kryptik!1.C0B8 (CLASSIC)
Ad-AwareTrojan.GenericKD.42136462
SophosMal/Generic-S
F-SecureTrojan.TR/AD.Emotet.qngah
Invinceaheuristic
McAfee-GW-EditionRDN/Emotet
Trapminesuspicious.low.ml.score
EmsisoftTrojan.GenericKD.42136462 (B)
SentinelOneDFI – Malicious PE
CyrenW32/Emotet.ADV.gen!Eldorado
JiangminTrojan.Banker.Emotet.mvl
WebrootW32.Trojan.Gen
AviraTR/AD.Emotet.qngah
MAXmalware (ai score=80)
Antiy-AVLTrojan/Win32.Wacatac
ArcabitTrojan.Generic.D282F38E
ZoneAlarmTrojan-Banker.Win32.Emotet.eofq
MicrosoftTrojan:Win32/Emotet!rfn
AhnLab-V3Malware/Win32.Generic.C3653050
McAfeeRDN/Emotet
VBA32BScope.TrojanPSW.Spy
MalwarebytesTrojan.Agent
PandaTrj/Emotet.A
ESET-NOD32a variant of Win32/Kryptik.GZQW
TrendMicro-HouseCallTrojanSpy.Win32.EMOTET.THLBCAI
TencentMalware.Win32.Gencirc.10b82d9c
IkarusTrojan-Banker.Emotet
FortinetW32/Emotet.ENKU!tr
AVGWin32:BankerX-gen [Trj]
AvastWin32:BankerX-gen [Trj]
Qihoo-360Win32/Trojan.a4e

How to remove Trojan.Staser?

Trojan.Staser removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment