TrojanDownloader:Win32/Renos!pz malicious file

Many security experts consider TrojanDownloader:Win32/Renos!pz dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Renos!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/Renos!pz?

File Info:

name: F146EDF3B91D616ABB11.mlw
path: /opt/CAPEv2/storage/binaries/74cd46defa129676c76d075f7a710844017549fbeceb80f6b5000d8cfc585d85
crc32: 6FB9708E
md5: f146edf3b91d616abb11d63832273575
sha1: 47cab3dbd7cab87e14f6931427341a20b4106cbe
sha256: 74cd46defa129676c76d075f7a710844017549fbeceb80f6b5000d8cfc585d85
sha512: a3b1c240e4fe3f949885b4d8b545b15a007a3f90c6d91b7af0e9b09a4b26a7b260a95cd08594c382c2670bab8beed24f1eaaf9609fface39d8f642601e6cc88a
ssdeep: 3072:7ER5Nb87yd6SuK1JvXDhAq5tLHaEBbaYsPj7:7EJ2K1JvN5eEB5sb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CD145BC25292CD79E44F8B78FDBF88188C7917DEDAE1434940FC0CF994DA265C6D92A2
sha3_384: 965a2a4ae0b919d5f790f86d95e8465c026f571967afba9a349c2e7963e033b94b836d5b65996eab1ecf550a620c94c4
ep_bytes: 4eeb226d000059004600004a00700000
timestamp: 2009-04-03 03:19:14

Version Info:

CompanyName: Windows (R) Codename Longhorn DDK provider
FileDescription: Windows Setup API
FileVersion: 6.0.706.1772
InternalName: Extrim Edition.exe
LegalCopyright: Copyright © Extrim Windows Edition 2011
OriginalFilename: Extrim Edition.exe
ProductName: MSE Extrim Edition Version 2011
ProductVersion: 6.0.706.1772
Translation: 0x0409 0x04b0

TrojanDownloader:Win32/Renos!pz also known as:

Bkav: W32.RenosQKBR.Fam.Trojan
Lionic: Trojan.Win32.CodecPack.lmEy
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Renos.41
FireEye: Generic.mg.f146edf3b91d616a
CAT-QuickHeal: Trojan.Renos.LX
Skyhigh: Downloader-CEW.q
McAfee: Downloader-CEW.q
Malwarebytes: Malware.AI.4156712890
Zillya: Downloader.CodecPack.Win32.12595
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Packed:Win32/FakeAlert.fc1ca867
K7GW: Trojan-Downloader ( 005654721 )
K7AntiVirus: Trojan-Downloader ( 005654721 )
VirIT: Trojan.Win32.Crypt.AFCZ
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.FakeAlert.BBT
APEX: Malicious
TrendMicro-HouseCall: TROJ_FAKEAV.SM2
ClamAV: Win.Downloader.100328-1
Kaspersky: Packed.Win32.Krap.ih
BitDefender: Gen:Variant.Renos.41
NANO-Antivirus: Trojan.Win32.CodecPack.bwotg
Avast: Win32:Downloader-FCQ [Trj]
Sophos: Mal/FakeAV-CX
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.DownLoad2.19163
VIPRE: Gen:Variant.Renos.41
TrendMicro: TROJ_FAKEAV.SM2
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Renos.41 (B)
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=100)
Jiangmin: TrojanDownloader.CodecPack.bnz
Webroot: W32.Rogue.Gen
Google: Detected
Avira: TR/Crypt.XPACK.Gen
Varist: W32/FakeAlert.IV.gen!Eldorado
Antiy-AVL: Trojan[Packed]/Win32.Krap
Kingsoft: Win32.Troj.Undef.a
Microsoft: TrojanDownloader:Win32/Renos!pz
Xcitium: MalCrypt.Indus!@1qrzi1
Arcabit: Trojan.Renos.41
ViRobot: Trojan.Win32.Downloader.207872.O
ZoneAlarm: Packed.Win32.Krap.ih
GData: Gen:Variant.Renos.41
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Fakeav12.Gen
BitDefenderTheta: Gen:NN.ZexaF.36802.mK0@aWZaMwoi
VBA32: Trojan.FakeAddon.xc
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Downloader.Renos!8.1D0 (TFE:1:BXjbBnMc9RH)
Yandex: Trojan.DL.FakeAlert!+alkgD7+uY0
Ikarus: Trojan.Win32.FakeAV
MaxSecure: Trojan.Malware.1579628.susgen
Fortinet: W32/CodecPack.ACNN!tr.dldr
AVG: Win32:Downloader-FCQ [Trj]
Cybereason: malicious.3b91d6
DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/Renos!pz?

TrojanDownloader:Win32/Renos!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.