About "Trojan:Win32/Glupteba.OV!MTB" infection

The Trojan:Win32/Glupteba.OV!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Glupteba.OV!MTB virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process created a hidden window
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan:Win32/Glupteba.OV!MTB?


File Info:
crc32: F5B2206C
md5: 6e3931892ecdec7410c508a5989c864a
name: 6E3931892ECDEC7410C508A5989C864A.mlw
sha1: 7394ffaa4c07158f6297e8b1f810dfd3d1f225cf
sha256: 5386335debe7df955f9f8cf8e2fa0d5d482b197a3e24c59b0197eba5bf3d28b4
sha512: 96f28b5b93de0050e3b0f624edad0eaeac55951c9a8527100ff5014b8ce5172abca4f0200b56c04811954426468455341e3a066bb9fbf8fde48f0ecaea956447
ssdeep: 6144:YE+yncLehZ0TtVCmn1flTrM0+18oM80/JVhxhKgWSULvBb6TEuw7Y:cycShZ0TtVCWlTrMHBMXLh3WpJ9Y
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan:Win32/Glupteba.OV!MTB also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.36436366
FireEye	Generic.mg.6e3931892ecdec74
CAT-QuickHeal	Trojan.Multi
ALYac	Trojan.GenericKD.36436366
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005789b21 )
BitDefender	Trojan.GenericKD.36436366
K7GW	Trojan ( 005789b21 )
Cybereason	malicious.a4c071
Cyren	W32/Kryptik.DLO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
ClamAV	Win.Malware.Botx-9838326-0
Kaspersky	HEUR:Trojan-Spy.Win32.Noon.gen
Alibaba	TrojanSpy:Win32/Glupteba.81f9ce1e
NANO-Antivirus	Trojan.Win32.Noon.inpfxo
ViRobot	Trojan.Win32.S.Agent.305152.DW
Rising	Malware.Obscure/Heur!1.9E03 (CLOUD)
Ad-Aware	Trojan.GenericKD.36436366
Emsisoft	Trojan.Crypt (A)
Comodo	Malware@#2bwc4ecrxp3hp
F-Secure	Trojan.TR/Crypt.Agent.ljamy
DrWeb	Trojan.Fbng.50
TrendMicro	TrojanSpy.Win32.NOON.THCOCBA
McAfee-GW-Edition	BehavesLike.Win32.Packed.dc
Sophos	Mal/Generic-S
Ikarus	Trojan-Banker.UrSnif
Avira	TR/Crypt.Agent.ljamy
eGambit	Unsafe.AI_Score_64%
Antiy-AVL	Trojan[Spy]/Win32.Noon
Microsoft	Trojan:Win32/Glupteba.OV!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Generic.D22BF98E
ZoneAlarm	HEUR:Trojan-Spy.Win32.Noon.gen
GData	Trojan.GenericKD.36436366
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.MalPe.R368818
McAfee	Packed-GDK!6E3931892ECD
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Glupteba
Malwarebytes	Glupteba.Backdoor.Bruteforce.DDS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HJSS
TrendMicro-HouseCall	TrojanSpy.Win32.NOON.THCOCBA
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/UrSnif.F628!tr
BitDefenderTheta	Gen:NN.ZexaF.34608.sCX@aiDoCQbG
AVG	Win32:TrojanX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	Win32/Trojan.Generic.HwoCoVcA

How to remove Trojan:Win32/Glupteba.OV!MTB?

Trojan:Win32/Glupteba.OV!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Trojan:Win32/Glupteba.OV!MTB” infection