How to remove “Trojan.Win32.Ekstak.yvyw”?

The Trojan.Win32.Ekstak.yvyw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Ekstak.yvyw virus can do?

• Reads data out of its own binary image
• Drops a binary and executes it
• Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
• Installs itself for autorun at Windows startup
• Network activity detected but not expressed in API logs
• Anomalous binary characteristics

How to determine Trojan.Win32.Ekstak.yvyw?

File Info:
crc32: 156B4B7E
md5: 77bf01fe25fb8086873c89e7cfd7c0d0
name: webplugin.exe
sha1: 1876e43d2513350e124c1c0436b5ebb321dbbebd
sha256: 7d6fcc98ecc9d5034ae92383cf85d6bd5a92a78e60c7436de6db5845470eba4b
sha512: 096001d2a6c1a785960b66a2da9623f0e5945ccc4032a9dc8e585b7c263ab21b3f2a776cb7bdf4102c6fa550380515c138731df9f92263e73d7eff8d6b71ac51
ssdeep: 49152:gJpZYNtxznPHOPlzOaIZCH51HShwda/8bHmM3RYhHCizQQMadGOL+qta:gJpatxzPH2Oa/EGdaUKXdC2Mad9LBta
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
ProductVersion: 400.1.1002.0
FileVersion: 400.1.1002.0
ProductName: WebPlugin 400.1.1002.0
Translation: 0x0000 0x0000

Trojan.Win32.Ekstak.yvyw also known as:

How to remove Trojan.Win32.Ekstak.yvyw?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.