TrojanDownloader:Win32/Citeary.A!MTB removal instruction

TrojanDownloader:Win32/Citeary.A!MTB is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:Win32/Citeary.A!MTB virus do?

  • Sample contains overlay data
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify TrojanDownloader:Win32/Citeary.A!MTB?

File Info:

name: 532FD52D1BB3AEB98F4E.mlw
path: /opt/CAPEv2/storage/binaries/ef230a0820fb087b0cb662a38b62282d46c983c8c6968e0a70086ad2a739e693
crc32: 5B991DC1
md5: 532fd52d1bb3aeb98f4e5f07adb5a352
sha1: d3cc95a18b489d4a7030642db5878d3a11ac3f87
sha256: ef230a0820fb087b0cb662a38b62282d46c983c8c6968e0a70086ad2a739e693
sha512: bab49fafd238c781fca8d91fc513c60eb8711a3a5b2c06a2deba3ff168d2f8bd02ffafbfc22101a7b50de6ab3501a7bc178ae2bee12d2ef4c7ed0b63d8257330
ssdeep: 6144:6B+BhEjoBfLdbNVOY5LY9CsDykwXNMWAi3cuOjyLDWCa6P58Rt3qgDHt5Fsp6Yre:MohjbbHOY5c9CsDrgMLiMuf8YpO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12DD45A12B7E68436F2F31B70AA7997715A7EBD211A3AC02F5394594D2D306E0DA3073B
sha3_384: 643f777a6850f365a20f9d759ba48d61080be2400d65282c9d41aa144ef019c34e5c0be35f6a1d1fb7e08a082b65a0ab
ep_bytes: 558bec6aff6890764400689063420064
timestamp: 2006-05-24 16:57:31

Version Info:

CompanyName: Macrovision Corporation
FileDescription: Setup.exe
FileVersion: 12.0.49974
InternalName: Setup
OriginalFilename: Setup.exe
LegalCopyright: Copyright (C) 2006 Macrovision Corporation
ProductName: InstallShield
ProductVersion: 12.0
OLESelfRegister:
Translation: 0x0409 0x04b0

TrojanDownloader:Win32/Citeary.A!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Citeary.4!c
DrWeb: Trojan.BrowseBan.565
MicroWorld-eScan: Trojan.Generic.34313933
FireEye: Generic.mg.532fd52d1bb3aeb9
CAT-QuickHeal: TrojanDownloader.Small.BPQ4
Skyhigh: BehavesLike.Win32.Infected.hh
ALYac: Trojan.Generic.34313933
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005057171 )
Alibaba: TrojanDownloader:Win32/Citeary.fafa606e
K7GW: Trojan ( 005057171 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Generic.D20B96CD
VirIT: Win32.Virut.CI
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AntiAV.NFM
Cynet: Malicious (score: 99)
APEX: Malicious
ClamAV: Win.Trojan.KillAV-47
Kaspersky: UDS:Trojan.Win32.Agent.fnjl
BitDefender: Trojan.Generic.34313933
NANO-Antivirus: Trojan.Win32.Scar.brwwu
Avast: Win32:Geral [Trj]
Tencent: Win32.Worm.Citeary.Gwnw
Sophos: Mal/Generic-S
F-Secure: Worm.WORM/Citeary.doua
Baidu: Win32.Backdoor.Agent.n
Emsisoft: Trojan.Generic.34313933 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Heur:TrojanDownloader.Agent
Varist: W32/KillAV.AI.gen!Eldorado
Avira: WORM/Citeary.doua
Kingsoft: malware.kb.a.977
Microsoft: TrojanDownloader:Win32/Citeary.A!MTB
ZoneAlarm: UDS:Trojan.Win32.Agent.fnjl
GData: Win32.Trojan-Downloader.Agent.AD
Google: Detected
McAfee: Downloader-FUV!532FD52D1BB3
MAX: malware (ai score=81)
VBA32: BScope.Trojan.BrowseBan
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
Rising: Worm.Citeary!1.D87E (CLASSIC)
Ikarus: Worm.Win32.Citeary
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/AntiAV.NFM!tr
AVG: Win32:Geral [Trj]
Cybereason: malicious.18b489
DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/Citeary.A!MTB?

TrojanDownloader:Win32/Citeary.A!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.