TrojanDownloader:Win32/Banload.BGM removal guide

The TrojanDownloader:Win32/Banload.BGM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDownloader:Win32/Banload.BGM virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Presents an Authenticode digital signature
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
A process created a hidden window
Performs some HTTP requests
Attempts to create or modify system certificates
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

veranimeon.com

doc-0s-a8-docs.googleusercontent.com

How to determine TrojanDownloader:Win32/Banload.BGM?


File Info:
crc32: 0C4505F0
md5: 11821cce671573647b65c7ec8193f2ad
name: 11821CCE671573647B65C7EC8193F2AD.mlw
sha1: b679ffc8e7db0eab0a593291bddb68970a1d2df6
sha256: dd2b5ea4af7ffd6e33094e2f845e7b2ee44c3ffb1a84de51a05f19b426f476c6
sha512: 0984d5393cf59fa692be87aced48fab4d824002c7cc87d63f8a5ff379f1ec01dba841f89558dc17f3799f6e7f7b53c26fc529029fd58831a3a9d8b3f4955d0f6
ssdeep: 1536:doez95iai9AltD/J/ABk5Kxo6VsbZ3DhxSMuFPNS5QCpL:W0biai9Af3J6VsbZ3DhZujS5QCpL
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright:  
Assembly Version: 17.0.0.188
InternalName: lkproc.exe
FileVersion: 17.0.0.188
ProductVersion: 17.0.0.188
FileDescription:  
OriginalFilename: lkproc.exe

TrojanDownloader:Win32/Banload.BGM also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILPerseus.37729
FireEye	Generic.mg.11821cce67157364
ALYac	Gen:Variant.MSILPerseus.37729
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan-Downloader ( 00513f531 )
BitDefender	Gen:Variant.MSILPerseus.37729
K7GW	Trojan-Downloader ( 00513f531 )
CrowdStrike	win/malicious_confidence_80% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34804.lq1@aewd1ul
Symantec	Trojan.Gen.2
APEX	Malicious
Avast	MSIL:Banker-EF [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	TrojanDownloader:Win32/Banload.c4cc57a9
NANO-Antivirus	Trojan.Win32.Banload.erseaa
AegisLab	Trojan.Multi.Generic.4!c
Ad-Aware	Gen:Variant.MSILPerseus.37729
Sophos	Mal/Generic-S
Comodo	Malware@#29z4c35xkqu2q
F-Secure	Heuristic.HEUR/AGEN.1101244
Zillya	Downloader.Banload.Win32.82591
McAfee-GW-Edition	GenericRXIT-MN!11821CCE6715
Emsisoft	Gen:Variant.MSILPerseus.37729 (B)
Ikarus	Trojan-Downloader.MSIL.Banload
eGambit	Unsafe.AI_Score_99%
Avira	HEUR/AGEN.1101244
Antiy-AVL	Trojan/Win32.SGeneric
Kingsoft	Win32.Troj.Generic.v.(kcloud)
Microsoft	TrojanDownloader:Win32/Banload.BGM
Arcabit	Trojan.MSILPerseus.D9361
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.MSILPerseus.37729
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Agent.R156149
McAfee	GenericRXIT-MN!11821CCE6715
MAX	malware (ai score=100)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Malware.AI.2054009653
Panda	Trj/GdSda.A
ESET-NOD32	a variant of MSIL/TrojanDownloader.Banload.DY
Rising	Downloader.Banload!8.15B (TFE:C:txNsz0JwZeR)
Fortinet	MSIL/Banload.DY!tr.dldr
Webroot	W32.Trojan.Genkd
AVG	MSIL:Banker-EF [Trj]
Cybereason	malicious.e67157
Qihoo-360	Win32/Trojan.7f5

How to remove TrojanDownloader:Win32/Banload.BGM?

TrojanDownloader:Win32/Banload.BGM removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

TrojanDownloader:Win32/Banload.BGM removal guide