What is "TrojanSpy:MSIL/Omaneat.C"?

The TrojanSpy:MSIL/Omaneat.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanSpy:MSIL/Omaneat.C virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Compression (or decompression)
Creates RWX memory
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to remove evidence of file being downloaded from the Internet
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine TrojanSpy:MSIL/Omaneat.C?


File Info:
crc32: 1FCA50C2
md5: fb9f758d7d969c109d07537c3f5c1f65
name: FB9F758D7D969C109D07537C3F5C1F65.mlw
sha1: 6e6cd7cf05377e23fa989c46b8b4080b5de86616
sha256: dc8467db9663fbd17542f93d1baed11365003cf64911b5c6ef837658cbb153ef
sha512: 184f20ad3564aa535ee8fb9779d6a2af7b90f97840e602fda5661c2fe2d1d76544f2d50186be26ec22f21464ccc3672832526d3cce1a2910bd3be9250f87e31a
ssdeep: 49152:htBJ7CNlqwO7p3DoWKcRR4pStEP80qr52pGfg3qri5u4+Ioj/+rYx:htT7CNlqwO7p3EVcR2N8trEQfd8vxoS
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright:  
Assembly Version: 0.0.0.0
InternalName: qJKNQTOg.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:  
OriginalFilename: qJKNQTOg.exe

TrojanSpy:MSIL/Omaneat.C also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILKrypt.55
FireEye	Generic.mg.fb9f758d7d969c10
McAfee	Packed-KL!FB9F758D7D96
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 00508ccd1 )
BitDefender	Gen:Variant.MSILKrypt.55
K7GW	Trojan ( 00508ccd1 )
Cybereason	malicious.d7d969
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Generic-6331921-0
Kaspersky	Backdoor.Win32.Androm.muaq
Alibaba	Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus	Trojan.Win32.Androm.emttlq
Ad-Aware	Gen:Variant.MSILKrypt.55
Sophos	Mal/Generic-R + Troj/Kryptik-GW
Comodo	Malware@#39hzw9m6q4rau
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	Trojan.DownLoader24.10405
TrendMicro	TROJ_GEN.R002C0PB221
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Emsisoft	Gen:Variant.MSILKrypt.55 (B)
Ikarus	Trojan.MSIL.Injector
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Backdoor]/Win32.Androm
Microsoft	TrojanSpy:MSIL/Omaneat.C
Arcabit	Trojan.MSILKrypt.55
AegisLab	Trojan.Win32.Androm.m!c
ZoneAlarm	Backdoor.Win32.Androm.muaq
GData	Gen:Variant.MSILKrypt.55
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Siscos.C65127
BitDefenderTheta	Gen:NN.ZemsilF.34804.Rn0@a4l6XAo
ALYac	Gen:Variant.MSILKrypt.55
Malwarebytes	MachineLearning/Anomalous.95%
Panda	Trj/GdSda.A
ESET-NOD32	a variant of MSIL/Injector.RVH
TrendMicro-HouseCall	TROJ_GEN.R002C0PB221
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.YII!tr
AVG	Win32:BotX-gen [Trj]
Avast	Win32:BotX-gen [Trj]
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Backdoor.Androm.HgIASOQA

How to remove TrojanSpy:MSIL/Omaneat.C?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “TrojanSpy:MSIL/Omaneat.C”?