Trojan.Virtumod removal instruction

The Trojan.Virtumod is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Virtumod virus can do?

• Behavioural detection: Executable code extraction – unpacking
• Scheduled file move on reboot detected
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Presents an Authenticode digital signature
• Creates RWX memory
• Anomalous file deletion behavior detected (10+)
• Dynamic (imported) function loading detected
• Reads data out of its own binary image
• Drops a binary and executes it
• The binary contains an unknown PE section name indicative of packing
• Authenticode signature is invalid
• Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
• Installs itself for autorun at Windows startup
• Installs itself for autorun at Windows startup

How to determine Trojan.Virtumod?

File Info:
name: 2FB52A647F43E3FD71F7.mlw
path: /opt/CAPEv2/storage/binaries/881b4bad81de822f0643f13358010417f0e0955ff193b94cbd1754f8cbbae93c
crc32: 7E9B8B72
md5: 2fb52a647f43e3fd71f74790b70eeaba
sha1: 82ec680aa67932045b5dddf45f6f89ac0db49fc9
sha256: 881b4bad81de822f0643f13358010417f0e0955ff193b94cbd1754f8cbbae93c
sha512: 06ad556832892cbedb3125af95b4d4cbce4bac23e8ba0441632c0cf0970359189e166aa686cf536c9a1595f44f7b7b57513d741b12904eb2de1cde0e3201eff3
ssdeep: 98304:liIAql+mdddAzlrWoM191K/uZlh+J1D+WHjDmvvEaP0U8b8cIBxfg2gq:HFTAZrjA1p+JkWHjDLU8OJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12436330A75D80478E2A7F038ACD6D9BB89BE3720ACD80516FAEE892D4D37DD34565313
sha3_384: 00c4da12cacc466986d5ba4ee1770fb06dcbc0df3db20d481453b8b1da918be824fcf8ac5f61a6d5a98d354319102e8d
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:
Comments: This installation was built with Inno Setup.
CompanyName: Splinterware Software Solutions                             
FileDescription: System Scheduler Setup                                      
FileVersion:                     
LegalCopyright: Copyright © 2021 Splinterware Software Solutions                                                    
ProductName: System Scheduler                                            
ProductVersion:                                                   
Translation: 0x0000 0x04b0

Trojan.Virtumod also known as:

How to remove Trojan.Virtumod?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.