Trojan.Win32.Ekstak.alnae removal guide

Trojan.Win32.Ekstak.alnae is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.alnae virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.alnae?


File Info:

name: 5349891FE7A853208B2F.mlw
path: /opt/CAPEv2/storage/binaries/1b0c5ece056045b67a4e5c6663be9e4e85618a5a237e4543268c2f0bd62cc14a
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Ecover Keys
FileDescription: Ecover Keys Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.alnae also known as:

Lionic: Trojan.Win32.Ekstak.4!c
McAfee: Artemis!5349891FE7A8
K7AntiVirus: Trojan ( 005722f11 )
K7GW: Trojan ( 005722f11 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DAQ22
Kaspersky: Trojan.Win32.Ekstak.alnae
Avast: Win32:Adware-gen [Adw]
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.WWIUOO
ZoneAlarm: Trojan.Win32.Ekstak.alnae
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Adware/Win.Adware-gen.R469588
Malwarebytes: Adware.DownloadAssistant
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]
Panda: Trj/CI.A

How to remove Trojan.Win32.Ekstak.alnae?

Trojan.Win32.Ekstak.alnae removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.