TrojanSpy:Win32/Rebhip.F removal

The TrojanSpy:Win32/Rebhip.F is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanSpy:Win32/Rebhip.F virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process created a hidden window
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Detects Sandboxie through the presence of a library
Code injection with CreateRemoteThread in a remote process
Sniffs keystrokes
A process attempted to delay the analysis task by a long amount of time.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Checks for the presence of known devices from debuggers and forensic tools
Creates known SpyNet mutexes and/or registry changes.

Related domains:

z.whorecord.xyz

a.tomx.xyz

suchthefool.no-ip.info

How to determine TrojanSpy:Win32/Rebhip.F?


File Info:
crc32: CF12802F
md5: b57da0bb4ab2539f6053d75dbc6cca83
name: B57DA0BB4AB2539F6053D75DBC6CCA83.mlw
sha1: 5dee199a4bb57816b0991f2cc65fcf6cc3c8f6ea
sha256: 4f2eddeb3f64b4046319ce589cdf8faf7cee585ab6bb24b187439c92e2d171e1
sha512: 2bf48cd19827c3d01beae352d6bc27b2613531f9088db7b736fc2a76ab3ebb381277c5b24441a788fd0b6b665536a8edf9f1a243a459cb41c7181bb721d1f9d9
ssdeep: 6144:z6WF6DSDbzSZFuvaYB6ZigQ399XnYVn+kBIUYoc3Hzk/yS:z6u6DSDX6FuCYBuQ399Xns+yIUYXwK
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

TrojanSpy:Win32/Rebhip.F also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Ransom.Petya.Gen.1
FireEye	Generic.mg.b57da0bb4ab2539f
McAfee	Artemis!B57DA0BB4AB2
Cylance	Unsafe
VIPRE	Trojan.Win32.Agent.aac (v)
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004ce0ea1 )
BitDefender	Trojan.Ransom.Petya.Gen.1
K7GW	Trojan ( 004ce0ea1 )
Cybereason	malicious.b4ab25
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Llac.fkk
Alibaba	TrojanSpy:Win32/Rebhip.b89b160e
NANO-Antivirus	Trojan.Win32.Llac.qmpsy
AegisLab	Trojan.Win32.Llac.4!c
Rising	Trojan.Generic@ML.89 (RDML:PH9eGjARIoEAkOITuesgeg)
Ad-Aware	Trojan.Ransom.Petya.Gen.1
Emsisoft	Trojan.Ransom.Petya.Gen.1 (B)
Comodo	Malware@#skpdflrfcjr6
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	BackDoor.Cybergate.1
Zillya	Backdoor.Poison.Win32.59685
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Sophos	ML/PE-A + Mal/Agent-AAC
Ikarus	Worm.Win32.Carrier
Jiangmin	Trojan.Llac.crv
Avira	TR/Dropper.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Llac
Microsoft	TrojanSpy:Win32/Rebhip.F
Arcabit	Trojan.Ransom.Petya.Gen.1
ZoneAlarm	Trojan.Win32.Llac.fkk
GData	Trojan.Ransom.Petya.Gen.1
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Llac.C368828
Acronis	suspicious
BitDefenderTheta	AI:Packer.ACA74F811E
VBA32	BScope.Trojan.871206
Malwarebytes	Malware.AI.3976976637
Panda	Generic Malware
ESET-NOD32	a variant of Win32/Kryptik.GMW
Tencent	Win32.Trojan.Llac.Pezl
Yandex	Trojan.Llac!pxkOfxTbyUk
SentinelOne	Static AI – Malicious PE
eGambit	Generic.Dropper
Fortinet	W32/Generic.AC.2AD7!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_60% (D)
Qihoo-360	Win32/Worm.Rebhip.HwcBxgcA

How to remove TrojanSpy:Win32/Rebhip.F?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

TrojanSpy:Win32/Rebhip.F removal