Trojan:Win32/Antivirusxp removal tips

Trojan:Win32/Antivirusxp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Antivirusxp virus do?

  • A file was accessed within the Public folder
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the shellcode patterns malware family
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Antivirusxp?

File Info:

name: E979FB2EB504972ED87A.mlw
path: /opt/CAPEv2/storage/binaries/9d45ae1d8d3749efbe72b24bc20142e8c55b88a0733a45e5fe8579cf24981f33
crc32: 6A96C1B9
md5: e979fb2eb504972ed87ad3c825ec6c2c
sha1: 7a927cfa6d413f66da1ae05f668ce85b3547aaf2
sha256: 9d45ae1d8d3749efbe72b24bc20142e8c55b88a0733a45e5fe8579cf24981f33
sha512: df1b55bff5fdee03cd77d59befe5ccfef555100605f7e9782e0a90e21ad6f67c92bdf925e2844d042c9da48e1c05eb4970460683aebbec2bf5a3f9cf6341bee6
ssdeep: 24576:oFClUXZEi1emUdr7GL6UDG5t1IXQNqXMgmm793HUwiSoD4HN5zg5nv:RlUpENr6LfotWX6+h9iSK8zKnv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12D55338FBD48DC93F653533A17EABFB2CAB8E530095227833B1411A666A6041F709CF5
sha3_384: b5d94066c8ee6cc37685b6a9a73d5903c66d4a2c30040c66e240d26dd52b0117f8835a015786df2b14bb9af89599d5ab
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-02-08 21:25:06

Version Info:

0: [No Data]

Trojan:Win32/Antivirusxp also known as:

Bkav: W32.Common.2F48318A
Lionic: Trojan.Win32.XpAntivirus.c!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.140
MicroWorld-eScan: Adware.XpAntivirus.AJ
FireEye: Adware.XpAntivirus.AJ
CAT-QuickHeal: FraudTool.XPAntivirus
Skyhigh: BehavesLike.Win32.Dropper.tc
McAfee: FakeAV-AB.m
Malwarebytes: FakeAlert.Trojan.Downloader.DDS
VIPRE: Adware.XpAntivirus.AJ
Sangfor: Downloader.Win32.Antivirusxp.Vrkz
K7AntiVirus: Trojan-Downloader ( 004cc8711 )
Alibaba: TrojanDownloader:Win32/SchoolGirl.4c5def60
K7GW: Trojan-Downloader ( 004cc8711 )
Cybereason: malicious.eb5049
BitDefenderTheta: Gen:NN.ZexaF.36802.@xW@a4eYo5ki
Symantec: XPAntivirus
ESET-NOD32: Win32/TrojanDownloader.FakeAlert.DR
TrendMicro-HouseCall: TROJ_GEN.R002H06J723
ClamAV: Win.Trojan.Peed-274
Kaspersky: Trojan-FakeAV.Win32.AntivirusXP2008.cn
BitDefender: Adware.XpAntivirus.AJ
NANO-Antivirus: Trojan.Win32.Agent.bnrao
Avast: Win32:Zhelatin-DKB [Wrm]
Tencent: Win32.Trojan-FakeAV.Antivirusxp2008.Snkl
Emsisoft: Adware.XpAntivirus.AJ (B)
F-Secure: Rogue:W32/XPAntivirus.GGZ
Zillya: Tool.AntivirusXP2008.Win32.45
TrendMicro: TROJ_FAKEALER.HF
Sophos: Troj/PWS-ASA
MAX: malware (ai score=100)
Jiangmin: Trojan/AntivirusXP2008.d
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.SchoolGirl
Kingsoft: malware.kb.a.856
Microsoft: Trojan:Win32/Antivirusxp
Xcitium: Malware@#16r1tclzdjc80
Arcabit: Adware.XpAntivirus.AJ [many]
ViRobot: Trojan.Win32.Z.Agent.1399061
ZoneAlarm: Trojan-FakeAV.Win32.AntivirusXP2008.cn
GData: Trojan.Peed.JPX
AhnLab-V3: Trojan/Win32.FakeAV.C45415
VBA32: Hoax.Win32.AntiAV.8
ALYac: Adware.XpAntivirus.AJ
Cylance: unsafe
Panda: Adware/AntivirusXP2008
Rising: Trojan.Generic@AI.99 (RDML:rcuUfaL/XS4d6ZUTADETBA)
Yandex: Trojan.GenAsa!/YwKk3zbNek
Ikarus: Trojan.Win32.Agent
Fortinet: Riskware/AntivirusXP2008
AVG: Win32:Zhelatin-DKB [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan:Win/Injuke.gen

How to remove Trojan:Win32/Antivirusxp?

Trojan:Win32/Antivirusxp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.