Should I remove “Trojan.Win32.Ekstak.aloge”?

Trojan.Win32.Ekstak.aloge is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.aloge virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.aloge?

File Info:

name: 9455F309645BF75D0358.mlw
path: /opt/CAPEv2/storage/binaries/d489f1ad7336a1012dbb1c8057ca53bfd60a9cefe6592082cea6d5c38e532494
crc32: 288DA852
md5: 9455f309645bf75d035846ecf8a16672
sha1: 2c81d426b242271358aa67932f15753c1f533e27
sha256: d489f1ad7336a1012dbb1c8057ca53bfd60a9cefe6592082cea6d5c38e532494
sha512: 92bb9bdd08666b447116e80668440892ab607e669184a4a6a6f7fb88dfe271eced5aa0adf4e65a4bf67d855feb4ebd616fc973cbda565882d1a7558ff8dd706b
ssdeep: 196608:88h20bHN7z6wip3DNVuPNsmQRdqnVjVNu9rUP8ShBl5QQE7ZaIUiJHg:G0bHN7/PNs1GnMo8SMZD1Hg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13FB6233FB228653ED8AA4B3145B39260997BBF61651A8C2F0BF0591DCF764701E3F606
sha3_384: 2fa5c0fc055f338468565dba93fcc4928970cacf19aa71e8421d479b04a48cf1025a102ea2f38ede6e4121a59b45a70d
ep_bytes: 558bec83c4a453565733c08945c08945
timestamp: 2020-03-14 17:59:41

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: jMobie Inc.
FileDescription: ABPhoneRescue Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: ABPhoneRescue
ProductVersion: 2.1.1.13
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.aloge also known as:

Cylance: Unsafe
Sangfor: Trojan.Win32.Sabsik.ml
K7AntiVirus: Trojan ( 005722fe1 )
K7GW: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.aloge
Avast: Win32:Adware-gen [Adw]
Zillya: Trojan.Ekstak.Win32.59649
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
Antiy-AVL: Trojan/Win32.Ekstak
Microsoft: Trojan:Script/Phonzy.C!ml
GData: Win32.Trojan.BSE.1Z00OOS
McAfee: Artemis!9455F309645B
Malwarebytes: Adware.DownloadAssistant
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.aloge?

Trojan.Win32.Ekstak.aloge removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.