Trojan.Win32.Ekstak.alkml removal tips

Trojan.Win32.Ekstak.alkml is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.alkml virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.alkml?

File Info:

name: BD1D9DBB79B2F23CB51F.mlw
path: /opt/CAPEv2/storage/binaries/0a6e69f7c06abeb3b54d111c2767dca7dddee61d91afa170ee065cdb0eeea89a
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Agaikp Software
FileDescription: CE Catalog Professional Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.alkml is also known as:

McAfee: Artemis!BD1D9DBB79B2
Malwarebytes: Adware.DownloadAssistant
Alibaba: TrojanDropper:Win32/Ekstak.7f81ad98
K7GW: Trojan ( 005722fe1 )
K7AntiVirus: Trojan ( 005722fe1 )
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DA722
Kaspersky: Trojan.Win32.Ekstak.alkml
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Pftd
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Ikarus: Trojan-Dropper.Win32.Agent
GData: Win32.Backdoor.Bodelph.W3MDQ5
Jiangmin: Trojan.Ekstak.bvcc
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.alkml?

Trojan.Win32.Ekstak.alkml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.