How to remove "Trojan.Win32.Chapak.ezze"?

Report context

What to verify before removal

Use this report for a controlled check of How to remove “Trojan.Win32.Chapak.ezze”? when the affected machine shows suspicious processes, dropped files, or payload delivery behavior. The goal is to verify the exact file and persistence path before quarantine.

The technical section is meant to connect the detection name with observable evidence such as persistence entries, dropped files, unusual processes, and browser or network changes. Compare the identifiers here with the local file before deleting anything, then use the cleanup workflow to scan, quarantine, and verify the system state.

Confirm the detection name matches How to remove “Trojan.Win32.Chapak.ezze”? before removing related files.
Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

The Trojan.Win32.Chapak.ezze is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Trojan.Win32.Chapak.ezze virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Possible date expiration check, exits too soon after checking local time
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (12 unique times)
At least one IP Address, Domain, or File Name was found in a crypto call
Starts servers listening on 127.0.0.1:0
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Looks up the external IP address
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Detects Avast Antivirus through the presence of a library
Executed a process and injected code into it, probably while unpacking
Checks for the presence of known windows from debuggers and forensic tools
Steals private information from local Internet browsers
Mimics the file times of a Windows system file
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Detects VMware through the presence of a registry key
Attempts to modify proxy settings
Attempts to disable Windows Defender
Attempts to create or modify system certificates
Collects information to fingerprint the system

Related domains:

z.whorecord.xyz

a.tomx.xyz

marisana.xyz

ipinfo.io

poetic-insights.com

3freeprivacytoolsforyou.xyz

i.spesgrt.com

cdn.discordapp.com

gmailservice7911.com

fsstoragecloudservice.com

24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com

drkapoorclinic.com

a.goatagame.com

crl3.digicert.com

ocsp.digicert.com

apps.identrust.com

crl.identrust.com

ip-api.com

www.facebook.com

telete.in

proxycheck.io

How to determine Trojan.Win32.Chapak.ezze?


File Info:
crc32: 13519D5B
md5: 15ff88418d079a260219d1bc7f8c528a
name: 15FF88418D079A260219D1BC7F8C528A.mlw
sha1: d26fe29f0ed3c4528e1ab6fa48fae7946f7d6250
sha256: cd0e83d7ecf53143afa640ee49905b8292169fa7e5eafad521718a303e302322
sha512: d4e1a94e0a30c7f38ca23ae264be276b9d5ae71d67c1164159ce7af2ddef352ad6a4c04935a711f7c472f1ac2830d4c1df5eed30062c52de067b27ca6e35184c
ssdeep: 49152:xcB6CpZgu29XTEwJ84vLRaBtIl9mTfPVHwCN/Z:xQZ29YCvLUBsK3yCRZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
InternalName: 7zS.sfx
FileVersion: 19.00
CompanyName: Igor Pavlov
ProductName: 7-Zip
ProductVersion: 19.00
FileDescription: 7z Setup SFX
OriginalFilename: 7zS.sfx.exe
Translation: 0x0409 0x04b0

Trojan.Win32.Chapak.ezze also known as:

DrWeb	Trojan.Siggen14.45875
ClamAV	Win.Packed.Barys-9859531-0
ALYac	Dropped:Trojan.GenericKDZ.76590
Cylance	Unsafe
Sangfor	Backdoor.Win32.Mokes.gen
Alibaba	Ransom:Win32/StopCrypt.788131cc
K7GW	Trojan ( 0057f9a81 )
K7AntiVirus	Trojan ( 0057f9a81 )
Cyren	W32/Trojan.HRKA-7109
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Smokeloader.F
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Chapak.ezze
BitDefender	Dropped:Trojan.GenericKDZ.76590
NANO-Antivirus	Trojan.Win32.TrjGen.ixvlyj
ViRobot	Trojan.Win32.Z.Zusy.1586414
MicroWorld-eScan	Dropped:Trojan.GenericKDZ.76590
Ad-Aware	Dropped:Trojan.GenericKDZ.76590
Sophos	Mal/Generic-R
BitDefenderTheta	Gen:NN.ZexaF.34058.cv0@aqgz2qiO
TrendMicro	TROJ_GEN.R03BC0WGP21
McAfee-GW-Edition	RDN/Generic.com
FireEye	Dropped:Trojan.GenericKDZ.76590
Emsisoft	Dropped:Trojan.GenericKDZ.76590 (B)
Jiangmin	Trojan.Sdum.td
Avira	TR/Agent.vkokq
Antiy-AVL	Trojan/Generic.ASMalwS.3452F82
Microsoft	Ransom:Win32/StopCrypt.MVK!MTB
ZoneAlarm	Trojan.Win32.Chapak.ezze
GData	Dropped:Trojan.GenericKDZ.76590
AhnLab-V3	Ransomware/Win.StopCrypt.C4588708
McAfee	Artemis!15FF88418D07
MAX	malware (ai score=100)
VBA32	BScope.Adware.SpeedBit
Malwarebytes	Malware.AI.3432400300
TrendMicro-HouseCall	TROJ_GEN.R03BC0WGP21
Rising	Trojan.Kryptik!1.C6FC (CLASSIC)
Ikarus	Trojan.Win32.Agent
Fortinet	W32/Chapak.ADHQ!tr
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml
Qihoo-360	HEUR/QVM41.1.387F.Malware.Gen

How to remove Trojan.Win32.Chapak.ezze?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.