
Trojan:Win32/Gatak.DR!dha removal guide


Trojan:Win32/Gatak.DR!dha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Gatak.DR!dha virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan:Win32/Gatak.DR!dha?

File Info:

crc32: 35202386
md5: 3ff258f535a6164625d990039af37118
name: 3FF258F535A6164625D990039AF37118.mlw
sha1: 6511bb6539fb5f97c98b8da2a7c2d8114c191db2
sha256: dcb01e06428287edb84ba27f5fe463891dca34fc9ac8677b33a6d651c436f8e8
sha512: 3bad4dc2ef41a0042bb0d1b40cc6d8371f879b57a694d9979f69fb900bb76062b44cf75ca4f3ce2e1006063db64b2007747a27ae461a9bb700e30a745a66bf71
ssdeep: 12288:R096VxgWThLO5RvHI0hhi42B2cgpFpMTFYke:R0IVxgWTY5Fo0n3cgAhYke
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: fastprox.dll
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
FileDescription: WMI Custom Marshaller
OriginalFilename: fastprox.dll
Translation: 0x0409 0x04b0

Trojan:Win32/Gatak.DR!dha also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Fakealert.49830
MicroWorld-eScan: Gen:Variant.Barys.99055
FireEye: Generic.mg.3ff258f535a61646
CAT-QuickHeal: Trojan.Generic.MUE.JI8
McAfee: GenericRXBS-VI!3FF258F535A6
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 0050f5341 )
BitDefender: Gen:Variant.Barys.99055
K7GW: Trojan ( 0050f5341 )
CrowdStrike: win/malicious_confidence_100% (D)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Xpun.epszrd
AegisLab: Trojan.Win32.Xpun.4!c
Tencent: Win32.Trojan.Xpun.Lqfi
Ad-Aware: Gen:Variant.Barys.99055
Emsisoft: Gen:Variant.Barys.99055 (B)
Comodo: Malware@#3vlo2vtaqvzlb
F-Secure: Heuristic.HEUR/AGEN.1112735
Zillya: Trojan.Injector.Win32.526042
TrendMicro: TSPY_EMOTET.SMZD177
McAfee-GW-Edition: GenericRXBS-VI!3FF258F535A6
Sophos: Mal/Generic-S + Mal/Qbot-R
Ikarus: Trojan.Win32.Xpun
Avira: HEUR/AGEN.1112735
Antiy-AVL: Trojan/Win32.Xpun
Microsoft: Trojan:Win32/Gatak.DR!dha
Arcabit: Trojan.Barys.D182EF
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Barys.99055
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Xpun.C1992588
VBA32: BScope.Trojan.Gatak
ALYac: Gen:Variant.Barys.99055
MAX: malware (ai score=87)
Malwarebytes: Malware.Heuristic.1001
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Injector.DPDF
TrendMicro-HouseCall: TSPY_EMOTET.SMZD177
Rising: Trojan.Crypto!8.364 (TFE:1:H9EGHBuDNxQ)
Yandex: Trojan.GenAsa!OutJm8XRtIw
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKyptik.AHZT!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.fda

How to remove Trojan:Win32/Gatak.DR!dha?

Trojan:Win32/Gatak.DR!dha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
