Trojan.Win32.Ekstak.lpui removal tips

Trojan.Win32.Ekstak.lpui is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.lpui virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Network activity contains more than one unique useragent.
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan.Win32.Ekstak.lpui?

File Info:

name: 917AB7A695F1BCB4F640.mlw
path: /opt/CAPEv2/storage/binaries/03ea2f9a27370f491b6613128739e110d844750f422861c14c66feeed3fd14f7
crc32: 4977489A
md5: 917ab7a695f1bcb4f640ab3eef4317dc
sha1: bc82984abb56d1bf1497641a60f8778889a49a96
sha256: 03ea2f9a27370f491b6613128739e110d844750f422861c14c66feeed3fd14f7
sha512: c4b56aa67037cdbd3d315fe782e5fc8a28bc9a9206a82948f2827087191909e5591dd86770ad047555febedd3bf7c2af03c1089e9f041c595d628c74120fdf6c
ssdeep: 98304:f06FOznLo0+Dd6uxcyJ51/0r1IFBXm5Q:f3F6n80W6uG0L06L9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A3D62342F392D0B1E56D01B90965CAB20F357D3257BAC4F77BC079AE9E303D09A3664A
sha3_384: d403a8c9752de329c1a17caecc41b9a6a60f596bc6fc9cad02c201bbd01bc95e47d8654b955c55c75d719be32871553b
ep_bytes: e8a61d0000e989feffff8bff565733f6
timestamp: 2012-06-14 16:16:10

Version Info:

CompanyName: Instaler R
FileDescription: Cracked
FileVersion: 1.0.8.0
OriginalFilename: suf_launch.exe
ProductVersion: 0.0.0.0
Translation: 0x0409 0x0000

Trojan.Win32.Ekstak.lpui also known as:

Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.40928095
FireEye: Trojan.GenericKD.40928095
McAfee: Artemis!917AB7A695F1
Malwarebytes: Adware.IndiLoadz
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/grayware_confidence_90% (W)
Alibaba: Trojan:Win32/Ekstak.b330e2a1
K7GW: Trojan ( 0054444e1 )
K7AntiVirus: Trojan ( 0054444e1 )
VirIT: Trojan.Win32.Dnldr27.BDQI
Symantec: Trojan.Gen.MBT
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.lpui
BitDefender: Trojan.GenericKD.40928095
NANO-Antivirus: Trojan.Win32.Ekstak.flmdls
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b4b27c
Ad-Aware: Trojan.GenericKD.40928095
Sophos: Mal/Generic-S
Comodo: Malware@#1gcow6w77pb8d
DrWeb: Trojan.DownLoader27.20028
Zillya: Adware.StartSurf.Win32.89935
TrendMicro: TROJ_GEN.R002C0WE122
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rz
Emsisoft: Trojan.GenericKD.40928095 (B)
Ikarus: Trojan-Dropper.LUA.Agent
GData: Trojan.GenericKD.40928095
Avira: TR/Indiloadz.rrfdu
MAX: malware (ai score=80)
Arcabit: Trojan.Generic.D270835F
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Cloxer.R250019
Acronis: suspicious
ALYac: Trojan.GenericKD.40928095
VBA32: Trojan.Ekstak
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0WE122
Rising: Trojan.Undefined!8.1327C (CLOUD)
Fortinet: W32/Indiloadz.BA!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan.Win32.Ekstak.lpui?

Trojan.Win32.Ekstak.lpui removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
