TrojanProxy:Win32/Bunitu.Q!bit removal guide

The TrojanProxy:Win32/Bunitu.Q!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanProxy:Win32/Bunitu.Q!bit virus can do?

Executable code extraction
Creates RWX memory
A process created a hidden window
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Attempts to identify installed AV products by registry key
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine TrojanProxy:Win32/Bunitu.Q!bit?


File Info:
crc32: C4557835
md5: f3262cf1fc20d46582975e19731fffb6
name: F3262CF1FC20D46582975E19731FFFB6.mlw
sha1: d23541428590e2857083b99f0295b6a98c6c64df
sha256: fd581460de1fc1a912cba1648656cc057f90cb46f160bf93cb5154d6303de7a3
sha512: 404f28fde2429c6190add7b2d9f9eaf9f5b3926ae58c493345c6a4cbd7a476d0819530e717b7e188c4bf551d71dfad3b024cdd919c30316e4117ddb16f2e7904
ssdeep: 3072:/Y0cpwE5T1mi3bQEtAscyIdytBrMOvwJVg7vMY3nTc6gYQEFkkgEPpTth4Q5dT+:fB63bQ1sRQyDpvE8VLg6hL9
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
FileDescription: DAP Error Report
CompanyName: Speedbit Ltd.  
Translation: 0x0409 0x04b0

TrojanProxy:Win32/Bunitu.Q!bit also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Injector.CKN
FireEye	Generic.mg.f3262cf1fc20d465
CAT-QuickHeal	Ransom.Cerber.A4
Qihoo-360	Generic/Trojan.e72
McAfee	Packed-MU!F3262CF1FC20
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Malicious.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0050c0801 )
BitDefender	Trojan.Injector.CKN
K7GW	Trojan ( 0050c0801 )
Cybereason	malicious.1fc20d
BitDefenderTheta	Gen:NN.ZexaF.34804.Kq0@aGzxPkai
Cyren	W32/S-43e50be1!Eldorado
Symantec	Trojan Horse
Baidu	Win32.Trojan.Kryptik.bix
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Ceao-6982077-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Bunitu.ali1000105
NANO-Antivirus	Trojan.Win32.Yakes.elxlir
Rising	Trojan.Kryptik!1.A877 (CLOUD)
Ad-Aware	Trojan.Injector.CKN
Sophos	Mal/Generic-S + Mal/CerberN-A
Comodo	TrojWare.Win32.Ransom.Cerber.BF@6tebck
F-Secure	Heuristic.HEUR/AGEN.1106825
DrWeb	Trojan.Siggen7.9985
Zillya	Trojan.Yakes.Win32.63281
TrendMicro	Ransom_HPCERBER.SMALY5A
McAfee-GW-Edition	BehavesLike.Win32.Dropper.ht
Emsisoft	Trojan.Injector.CKN (B)
Ikarus	Trojan-Proxy.Agent
Jiangmin	Trojan.Yakes.ugu
Avira	HEUR/AGEN.1106825
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Win32.Yakes
Microsoft	TrojanProxy:Win32/Bunitu.Q!bit
Arcabit	Trojan.Injector.CKN
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Injector.CKN
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/RansomCrypt.Gen
Acronis	suspicious
VBA32	BScope.Trojan.Menti
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.FONP
TrendMicro-HouseCall	Ransom_HPCERBER.SMALY5A
Tencent	Malware.Win32.Gencirc.10b57814
Yandex	Trojan.GenAsa!48GFITBYl2M
SentinelOne	Static AI – Malicious PE – Ransomware
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Kryptik.HGZD!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)

How to remove TrojanProxy:Win32/Bunitu.Q!bit?

TrojanProxy:Win32/Bunitu.Q!bit removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

TrojanProxy:Win32/Bunitu.Q!bit removal guide