TrojanDropper:PowerShell/Ploty.C removal instructions

TrojanDropper:PowerShell/Ploty.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper:PowerShell/Ploty.C virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Uses Windows utilities for basic functionality
  • A potential decoy document was displayed to the user
  • Network activity detected but not expressed in API logs

How to identify TrojanDropper:PowerShell/Ploty.C?


File Info:

crc32: 63745243
md5: ee1db75135afb2e3ce87626f84b0f6aa
name: upload_file
sha1: 6f3df97435fa4b3ee3ec996b98964881f2af75e5
sha256: 2bfdfd0f7fc59b3cc6655d8f25b05601b5d78de0a0caa954438c5f30fbd9f9ad
sha512: 16c25043f853b15b818fffb149904c7f6793ea12555c24b1bf7d20a33b9685b73c736c06accff1513e5dbd12a7ebc26e92220fe66da28226e560d270f810db78
ssdeep: 96:iNs4CEaVuvHqVSVhXUHUwll0VYb5uxWBZjgNcbXAQKIfNaoClmbrOKgAkmeBH+KQ:iNs4CRufqVSVhXUHD02bUoPf5VYAGHU9
type: Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators

Version Info:

0: [No Data]

TrojanDropper:PowerShell/Ploty.C also known as:

ClamAV: Txt.Dropper.MeterpreterROR13Shellcode-7111140-0
CAT-QuickHeal: BAT.Powershell.5044
Arcabit: Generic.PwShell.Rozena.3.2EF68C64
Invincea: ATK/Tlaboc-A
Symantec: ISB.Downloader!gen178
Avast: PwrSh:PowerSploit-D [Trj]
Cynet: Malicious (score: 85)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.PwShell.Rozena.3.2EF68C64
NANO-Antivirus: Trojan.Script.Agent.fkqtcw
MicroWorld-eScan: Generic.PwShell.Rozena.3.2EF68C64
Ad-Aware: Generic.PwShell.Rozena.3.2EF68C64
Emsisoft: Generic.PwShell.Rozena.3.2EF68C64 (B)
F-Secure: Trojan.TR/PowerShell.Gen
FireEye: Generic.PwShell.Rozena.3.2EF68C64
Sophos: ATK/Tlaboc-A
Avira: TR/PowerShell.Gen
Microsoft: TrojanDropper:PowerShell/Ploty.C
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Generic.PwShell.Rozena.3.2EF68C64
ALYac: Generic.PwShell.Rozena.3.2EF68C64
ESET-NOD32: PowerShell/Kryptik.Z
MAX: malware (ai score=88)
Fortinet: BAT/Rozena.AJ!tr
AVG: PwrSh:PowerSploit-D [Trj]

How to remove TrojanDropper:PowerShell/Ploty.C?

TrojanDropper:PowerShell/Ploty.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
