TrojanDownloader:Win32/Renos.PT removal instruction

The TrojanDownloader:Win32/Renos.PT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period. A 6-day free trial is available.

What can the TrojanDownloader:Win32/Renos.PT virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that is not found; may need to be run with the startbrowser=1 option
  • Unconventional binary language: Russian
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
doubleclick.com
tudou.com

How to identify TrojanDownloader:Win32/Renos.PT?

File Info:

crc32: A8CAA90E
md5: bab8a044eb572dde79284582c60ea983
name: BAB8A044EB572DDE79284582C60EA983.mlw
sha1: f39ce8cf7752b21fca25ddc8e706d1bb013e6254
sha256: 99027832470ea85f51bdd9a0e2bb31f5c0371280cad3a79b5bc0693a9ebe22a2
sha512: 35c49366983e9373011d426cb22f814d24fdc44f2a73bda49d20f4e790f6e7550927a814cffdee2f2353d52131cf0e201449ca2846b0fe05918ac3da2d635605
ssdeep: 6144:Xppp5acPkDjvNmE8i7wJvmK1h8QnZ4evG8VFk:XecPkDLgPuwsK4QnZ3G4k
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) G DoctorWeb, Ltd., 1992-2011
InternalName: Dr.Web for Windows Q
FileVersion: 5.0.572.1152
CompanyName: ComponentOne LLC
LegalTrademarks:
Comments:
ProductName: Dr.Web for Windows dj
ProductVersion: 5.0.572.1152
FileDescription: 4DrWeb For Windows p 2011
OriginalFilename: 2PE-PROTECTorh2.exe
Translation: 0x0419 0x04e3

TrojanDownloader:Win32/Renos.PT also known as:

Bkav: W32.RenosQKBU.Fam.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Conjar.9
FireEye: Generic.mg.bab8a044eb572dde
CAT-QuickHeal: Trojan.Renos.LX
Cylance: Unsafe
VIPRE: VirTool.Win32.Obfuscator.hg!b1 (v)
AegisLab: Hacktool.Win32.FlashApp.3!c
Sangfor: Malware
K7AntiVirus: Trojan ( 005485311 )
BitDefender: Gen:Heur.Conjar.9
K7GW: Trojan ( 005485311 )
Cyren: W32/FakeAlert.KN.gen!Eldorado
Symantec: Trojan.FakeAV!gen48
TotalDefense: Win32/Renos.D!generic
APEX: Malicious
Avast: Win32:MalOb-EM [Cryp]
ClamAV: Win.Trojan.FakeAV-14042
Kaspersky: HEUR:Hoax.Win32.FlashApp.a
Alibaba: Trojan:Win32/FlashApp.843f0bbf
NANO-Antivirus: Trojan.Win32.CodecPack.iebbj
ViRobot: Trojan.Win32.A.Downloader.212992.B
Tencent: Malware.Win32.Gencirc.10b5a010
Ad-Aware: Gen:Heur.Conjar.9
Sophos: ML/PE-A + Mal/FakeAV-IZ
Comodo: TrojWare.Win32.Kryptik.VL@2qgufe
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
DrWeb: Trojan.Siggen.64544
Zillya: Trojan.FakeAV.Win32.49346
TrendMicro: TROJ_FAKEAV.SM1C
McAfee-GW-Edition: BehavesLike.Win32.Emotet.dc
Emsisoft: Gen:Heur.Conjar.9 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDownloader.CodecPack.can
Avira: TR/Crypt.XPACK.Gen3
Antiy-AVL: Trojan[Downloader]/Win32.CodecPack
Microsoft: TrojanDownloader:Win32/Renos.PT
Arcabit: Trojan.Conjar.9
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAlert[DrWeb]
ZoneAlarm: HEUR:Hoax.Win32.FlashApp.a
GData: Gen:Heur.Conjar.9
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.FakeAV.R2894
Acronis: suspicious
McAfee: Downloader-CEW.y
VBA32: BScope.TrojanPSW.Stealer
Malwarebytes: Trojan.Agent
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.KYU
TrendMicro-HouseCall: TROJ_FAKEAV.SM1C
Rising: Downloader.Renos!8.1D0 (CLOUD)
Yandex: Trojan.Codecpack.Gen.14
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.1718450.susgen
Fortinet: W32/Krypt.QKV!tr
BitDefenderTheta: Gen:NN.ZexaF.34804.nq0@aKViVRpi
AVG: Win32:MalOb-EM [Cryp]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Downloader.984

How to remove TrojanDownloader:Win32/Renos.PT?

TrojanDownloader:Win32/Renos.PT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.