
Trojan.Win32.Cutwail.wxi removal


Many security experts consider Trojan.Win32.Cutwail.wxi dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Cutwail.wxi virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (20 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:


How to identify Trojan.Win32.Cutwail.wxi?


File Info:

crc32: EB3B9253
md5: f04bb83de06f653f438efd8062a0e007
name: nnstp.exe
sha1: 8e215b3189891a0e57b9cfd913b95adb1517b9b1
sha256: 288c5039d51fd1fe34cf26190fe2aeb0bafbbf8e60af7044e96ad10537a8d7d9
sha512: 625b7edbd45835763240837b8f1c43353ef00375de2d2358e55598136099214fdc8406508e4d5559b3075f0fb45d8bbed2032400de1bdd107428d188ac2383cd
ssdeep: 3072:FcK7QSowMO79hzXAeBtQ7sQL/lL6tBNkGz/5K+irLCsd2Ih5jmv9FJ3MYYOYYYY5:rMm9FXAeBNQDFKKGJ2LD2Ibe37
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: CassepTools Inc Copyright © 2000 - 2014 KG and its Licensors
InternalName: Nticed
FileVersion: 2.8.8.4
CompanyName: CassepTools Inc
PrivateBuild: 2.8.8.4
LegalTrademarks: CassepTools Inc Copyright © 2000 - 2014 KG and its Licensors
Comments: Contents Prepares Conversations Datacontext
ProductName: Nticed
ProductVersion: 2.8.8.4
FileDescription: Contents Prepares Conversations Datacontext
OriginalFilename: Nticed.exe
Translation: 0x0409 0x04b0

Trojan.Win32.Cutwail.wxi also known as:

DrWeb: Trojan.DownLoad.64914
MicroWorld-eScan: Trojan.GenericKD.32831403
FireEye: Generic.mg.f04bb83de06f653f
CAT-QuickHeal: Trojan.Cutwail
Qihoo-360: Win32/Trojan.69e
McAfee: RDN/Generic.cui
Cylance: Unsafe
VIPRE: Trojan.Win32.Cutwail
AegisLab: Trojan.Win32.Cutwail.tpdv
Sangfor: Malware
K7AntiVirus: Trojan ( 00521ad71 )
BitDefender: Trojan.GenericKD.32831403
K7GW: Trojan ( 00521ad71 )
CrowdStrike: win/malicious_confidence_100% (W)
TrendMicro: TROJ_CUTWAIL.USVZ
BitDefenderTheta: Gen:NN.ZexaF.33558.sG0@aW2Sjjdi
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: TROJ_CUTWAIL.USVZ
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-6409643-0
GData: Trojan.GenericKD.32831403
Kaspersky: Trojan.Win32.Cutwail.wxi
Alibaba: Trojan:Win32/Cutwail.1deb64d4
NANO-Antivirus: Trojan.Win32.Cutwail.ewmcnr
Rising: Trojan.Generic@ML.99 (RDMK:tL0FQXCLlWAMtY8kFAsVKw)
Ad-Aware: Trojan.GenericKD.32831403
Emsisoft: Trojan.GenericKD.32831403 (B)
Comodo: Malware@#l2dvfgq2o70d
F-Secure: Heuristic.HEUR/AGEN.1037230
Zillya: Trojan.Cutwail.Win32.1398
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Jiangmin: Trojan.Cutwail.fe
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1037230
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Cutwail
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D1F4F7AB
ZoneAlarm: Trojan.Win32.Cutwail.wxi
Microsoft: Trojan:Win32/Skeeyah.A!MTB
AhnLab-V3: Trojan/Win32.Cutwail.C2322828
Acronis: suspicious
VBA32: Trojan.Cutwail
ALYac: Trojan.GenericKD.32831403
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Kryptik.FTPN
Yandex: Trojan.Cutwail!6taE9AbBKko
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.GKUA!tr.ransom
AVG: Win32:Malware-gen
Cybereason: malicious.de06f6
Avast: Win32:Malware-gen
MaxSecure: Trojan.Malware.11819608.susgen

How to remove Trojan.Win32.Cutwail.wxi?

Trojan.Win32.Cutwail.wxi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
