Trojan.Win32.Downeks.bg information

Trojan.Win32.Downeks.bg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Downeks.bg virus do?

  • Executable code extraction
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

How to identify Trojan.Win32.Downeks.bg?


File Info:

crc32: 2A4E320D
md5: 560e17fc01f98086b380f476b44cb0e6
name: scan_copy.exe
sha1: dddc5779c4d16bc876f7a23779cc2043add868f0
sha256: 0a18c54ef5b8b05137e9fbb43920e8f06968052d31ae5f14c753e48cb4a84bca
sha512: ad0e6bca1694d56256c562cb2a651f256d50ecb7f722383a22a753acc886e1779fd2085e4f1051abef8a519fd33fd73c2b1287c46cd7b1e9920d1b16678de1ab
ssdeep: 24576:Q2rT5JibBsR1YAcUSWcPsPQcVnJtCagQiFhq6SISpKQUBWV+F0ubIWizn:JpJ22R1rcUWPsPFVrCagXFhLSIKKNfI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: scp
CompanyName: ScriptRunner
ProductName: SearchProtocolHost
ProductVersion: 494, 744, 265, 650
FileDescription: sdiagnhost
OriginalFilename: csrss.exe
Translation: 0x0000 0x04b0

Trojan.Win32.Downeks.bg also known as:

MicroWorld-eScan: Trojan.GenericKD.42241630
McAfee: Artemis!560E17FC01F9
Cylance: Unsafe
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_60% (W)
APEX: Malicious
ClamAV: Win.Malware.Autoit-7533156-0
Kaspersky: Trojan.Win32.Downeks.bg
Alibaba: Trojan:Win32/AutoitU.ali2000008
Rising: Trojan.Obfus/Autoit!1.C075 (CLASSIC)
Ad-Aware: Trojan.GenericKD.42241630
F-Secure: Trojan.TR/AD.NetWiredRc.zgxoi
DrWeb: Trojan.DownLoader32.46938
Zillya: Trojan.GenericTKA.Win32.190
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.tc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.560e17fc01f98086
Ikarus: Trojan-Spy.Keylogger.AgentTesla
Jiangmin: Trojan.Pasta.ahk
Webroot: W32.Malware.Gen
Avira: TR/AD.NetWiredRc.zgxoi
Antiy-AVL: Trojan/Win32.Pasta
Endgame: malicious (high confidence)
ZoneAlarm: Trojan.Win32.Downeks.bg
Microsoft: Trojan:Win32/Wacatac.B!ml
VBA32: Trojan.SelfDel
MAX: malware (ai score=89)
Malwarebytes: Trojan.MalPack.AutoIt
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Injector.Autoit.EWB
TrendMicro-HouseCall: TROJ_GEN.R020H06AD20
eGambit: Unsafe.AI_Score_58%
Fortinet: AutoIt/Injector.ESJ!tr
MaxSecure: Trojan.Malware.300983.susgen
AVG: FileRepMalware
Cybereason: malicious.9c4d16
Paloalto: generic.ml

How to remove Trojan.Win32.Downeks.bg?

Trojan.Win32.Downeks.bg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
