Should I remove “Trojan:Win32/Conti.GA!MTB”?

The Trojan:Win32/Conti.GA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Conti.GA!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library

How to identify Trojan:Win32/Conti.GA!MTB?

File Info:

crc32: 24B77C3C
md5: 1bf3028a0b65a4174a66f3677e872026
name: 1BF3028A0B65A4174A66F3677E872026.mlw
sha1: 1e33b01f84a96b93cdded1d23fdb1b7f6f58a077
sha256: 619393d5caf08cf12e3e447e71b139a064978216122e40f769ac8838a7edfca4
sha512: 936ff25ea9a75cd6cca0c10776fd9ad056cf041691a1ddfc7e39c1e978f05e4be2fd0e96556a4b910336f2f117a98d5a22aebe59c508fd53b03e3306ede1c138
ssdeep: 12288:nTcqwHtDnDnP5qLKRKd7LE8M/vBD4pa1OWxd1Ysblvd6Q3kW7743kG1isitWi:nTcqwHtDnDnP5qLKRKBL3uvd4TWf1Ys3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: nf fgnf
InternalName: fgbnfgnmghm
FileVersion: dbd bfgb
LegalTrademarks:
ProductName: nfg
ProductVersion: nfgnfgnfgn fgnfgnfgnfgn
FileDescription: 234bfg dfbn
OriginalFilename: gfnf
Translation: 0x0419 0x04b0

Trojan:Win32/Conti.GA!MTB also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Riskware ( 0040eff71 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.FickerRI.S18569813
ALYac: Gen:Variant.Ser.Zusy.3110
Cylance: Unsafe
Zillya: Trojan.GenKryptik.Win32.73990
Sangfor: Trojan.Win32.Conti.GA
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/Conti.aaf8533a
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.a0b65a
Cyren: W32/Trojan.EDDA-4555
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/GenKryptik.FAMQ
APEX: Malicious
Avast: Win32:BotX-gen [Trj]
Kaspersky: HEUR:Trojan-PSW.Win32.Ficker.gen
BitDefender: Gen:Variant.Ser.Zusy.3110
NANO-Antivirus: Trojan.Win32.Ficker.ijfdwk
ViRobot: Trojan.Win32.Z.Ficker.635904
MicroWorld-eScan: Gen:Variant.Ser.Zusy.3110
Tencent: Malware.Win32.Gencirc.11b92137
Ad-Aware: Gen:Variant.Ser.Zusy.3110
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/AD.Nekark.byhxj
BitDefenderTheta: Gen:NN.ZexaF.34608.Mq3@aimOq!pc
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PBB21
McAfee-GW-Edition: GenericRXNL-IL!1BF3028A0B65
FireEye: Generic.mg.1bf3028a0b65a417
Emsisoft: Gen:Variant.Ser.Zusy.3110 (B)
SentinelOne: Static AI – Suspicious PE
Avira: TR/AD.Nekark.byhxj
Microsoft: Trojan:Win32/Conti.GA!MTB
Arcabit: Trojan.Ser.Zusy.DC26
AegisLab: Trojan.Win32.Ficker.i!c
ZoneAlarm: HEUR:Trojan-PSW.Win32.Ficker.gen
GData: Gen:Variant.Ser.Zusy.3110
AhnLab-V3: Malware/Gen.Reputation.C4311140
McAfee: GenericRXNL-IL!1BF3028A0B65
MAX: malware (ai score=81)
VBA32: Malware-Cryptor.Inject.gen
Malwarebytes: Spyware.FickerStealer
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PBB21
Rising: Trojan.Cryptor!8.11DA0 (CLOUD)
Yandex: Trojan.Agent!xeOSHRGpLAs
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/Ficker.FAMQ!tr
AVG: Win32:BotX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/TrojanPSW.Generic.HwgANU4A

How to remove Trojan:Win32/Conti.GA!MTB?

Trojan:Win32/Conti.GA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.