About “Trojan.Win32.Ekstak.ahuga” infection

Trojan.Win32.Ekstak.ahuga is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.ahuga virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Network activity detected but not expressed in API logs
  • Attempts to identify installed AV products by installation directory

How to identify Trojan.Win32.Ekstak.ahuga?


File Info:

crc32: 1F57E16E
md5: a5bc1ac9bc8e9678023e58c1663ee6fa
name: A5BC1AC9BC8E9678023E58C1663EE6FA.mlw
sha1: c8d529e78603dce7a9c36fd8f83dbde94f46a5a0
sha256: 342e01de3e3170b55e92ff4a4a972ee4a31a98a46c0ebcaeedb427b7b476bcab
sha512: 5f3af7657e57435b160a84b9916bf0194867f7bb29b53723ba182102019346bd1c30a04514feda5921e793aa430010d34efedf80eaa21fcaba4b32600acecab9
ssdeep: 196608:xjnVFxAxUUoafVs2AIT/qp0YWVmx0u6bxz3LWA2SR1nDB0pDzFrf1pBybZ8LtF:xjVFyroa9/T/qpNQmx0u6bxz3F2K5Dob
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion: 1.0.0.0
CompanyName: AMS Software
Comments: This installation was built with Inno Setup.
ProductName: VIDEOMASTER
ProductVersion: 12.7
FileDescription: ВидеоМАСТЕР
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.ahuga also known as:

K7AntiVirus: Trojan ( 005722fe1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Zadved.1661
Cylance: Unsafe
Sangfor: Trojan.Win32.Zpevdo.B
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/Ekstak.7659072d
K7GW: Trojan ( 005722fe1 )
Cyren: W32/DownloadAssist.W.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Avast: Win32:AdwareX-gen [Adw]
Kaspersky: Trojan.Win32.Ekstak.ahuga
Tencent: Win32.Trojan.Ekstak.Lnoe
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Emsisoft: Adware.Downloader (A)
Jiangmin: Trojan.Ekstak.boay
Webroot: W32.Malware.Gen
Avira: TR/Drop.Agent.paovg
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win32.Glupteba.R360194
McAfee: Artemis!A5BC1AC9BC8E
VBA32: Trojan.Zadved
Malwarebytes: Adware.DownloadAssistant
Yandex: Trojan.Ekstak!4VDfQzx94ZU
Ikarus: Trojan-Dropper.Win32.Agent
MaxSecure: Trojan.Malware.111509127.susgen
Fortinet: Riskware/Ekstak
AVG: Win32:AdwareX-gen [Adw]
Paloalto: generic.ml

How to remove Trojan.Win32.Ekstak.ahuga?

Trojan.Win32.Ekstak.ahuga removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
