How to remove “Trojan.Win32.Cossta.ahjt”?

Many security experts consider Trojan.Win32.Cossta.ahjt dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Cossta.ahjt virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • HTTPS urls from behavior.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics

How to identify Trojan.Win32.Cossta.ahjt?


File Info:

name: 8C6A18B9A44301C7D734.mlw
path: /opt/CAPEv2/storage/binaries/07a6d44759a3f0e646b88a4b3ee9d6ebfd6b56aaf5422c1c5cf23743f53cb9d4
crc32: D54B574B
md5: 8c6a18b9a44301c7d734cff9762783c3
sha1: b9784f87237b78993d68781f21ba0ad8ec145e9c
sha256: 07a6d44759a3f0e646b88a4b3ee9d6ebfd6b56aaf5422c1c5cf23743f53cb9d4
sha512: 9d6334017e6eade217aeea49fa366f26afa9ed38b0f5e397e94f33bc31c4bea0adb4a3af5ef8c85f2f6fe8b6487614a8644ee4aaee44dc9b80abe09db31610c8
ssdeep: 24576:KyA6vkS1DfWsf3IaN/po324zWqNLLhR62BvGdQ:GBdzW62OvS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E925A316F720E41DE44280F8BD959A576A946CB2028C6C27F781EF4972713E7ADF870B
sha3_384: c904e98d39d7a3646171735baaa5a375cae0a5d78e5f84174ffde036ba90fd3491dab58245991a3cc21bae7429115874
ep_bytes: 6864a44000e8eeffffff000000000000
timestamp: 2015-08-02 16:49:26

Version Info:

Translation: 0x0409 0x04b0
CompanyName: xnyupy
ProductName: xtrxyr
FileVersion: 1.00
ProductVersion: 1.00
InternalName: a
OriginalFilename: a.exe

Trojan.Win32.Cossta.ahjt also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Cossta.4!c
MicroWorld-eScan: Gen:Heur.PonyStealer.MLT.1
Skyhigh: BehavesLike.Win32.Infected.dm
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Spyware ( 0055e3db1 )
K7GW: Spyware ( 0055e3db1 )
Arcabit: Trojan.PonyStealer.MLT.1
VirIT: Trojan.Win32.VB_Heur
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Bancos.AAO
Paloalto: generic.ml
ClamAV: Win.Keylogger.Dialog-9873784-0
Kaspersky: Trojan.Win32.Cossta.ahjt
BitDefender: Gen:Heur.PonyStealer.MLT.1
NANO-Antivirus: Trojan.Win32.Cossta.dvedhd
Avast: Win32:GenMalicious-XO [Trj]
Tencent: Win32.Trojan.Cossta.Rzfl
Emsisoft: Gen:Heur.PonyStealer.MLT.1 (B)
F-Secure: Trojan.TR/ATRAPS.Gen2
DrWeb: Trojan.DownLoader16.8124
VIPRE: Gen:Heur.PonyStealer.MLT.1
FireEye: Generic.mg.8c6a18b9a44301c7
Sophos: Mal/Generic-S
Google: Detected
Avira: TR/ATRAPS.Gen2
Antiy-AVL: Trojan/Win32.Cossta
Xcitium: TrojWare.Win32.TrojanSpy.Bancos.KHO@5rvpl2
Microsoft: TrojanSpy:Win32/Bancos
ZoneAlarm: Trojan.Win32.Cossta.ahjt
GData: Gen:Heur.PonyStealer.MLT.1
Cynet: Malicious (score: 99)
McAfee: Artemis!8C6A18B9A443
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Agent
Malwarebytes: Malware.AI.1930929639
Panda: Trj/Genetic.gen
Rising: Trojan.VBInject!1.64FA (C64:YzY0OnwVPpmI1lLm)
Yandex: Trojan.Cossta!PlJpp7ltYR0
Ikarus: Trojan-PWS.Banker6
Fortinet: W32/Bancos.ACMB!tr
BitDefenderTheta: AI:Packer.BF192DE220
AVG: Win32:GenMalicious-XO [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Cossta.ahjt?

Trojan.Win32.Cossta.ahjt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
