
Trojan.Win32.Ekstak.aloyw removal instructions


Trojan.Win32.Ekstak.aloyw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.aloyw virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.aloyw?


File Info:

name: 9942DBB42D5EF25E51DE.mlw
path: /opt/CAPEv2/storage/binaries/6d41478f0258106d38ea1e6c5345da31531a624cf062522e774e08629e53c0f8
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Company TKG
FileDescription: Smart File Delete Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.aloyw also known as:

Lionic: Trojan.Win32.Ekstak.4!c
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.aloyw
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Htlq
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
GData: Win32.Backdoor.Bodelph.9V1HCY
Jiangmin: Trojan.Ekstak.bveu
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!9942DBB42D5E
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002H0CB822
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Adware-gen [Adw]
MaxSecure: Trojan.Malware.121218.susgen

How to remove Trojan.Win32.Ekstak.aloyw?

Trojan.Win32.Ekstak.aloyw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
