Should I remove "Trojan:Win32/Gozi.GF!MTB"?

The Trojan:Win32/Gozi.GF!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Gozi.GF!MTB virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Steals private information from local Internet browsers
Collects information about installed applications
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Collects information to fingerprint the system
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

manillamemories.com

a.tomx.xyz

ip-api.com

How to determine Trojan:Win32/Gozi.GF!MTB?


File Info:
crc32: AEDEA845
md5: 7b7080dfa78891658329a731657547aa
name: 5.exe
sha1: 80b6df679605f4244857b7b80d658f3467a66011
sha256: 3a542702d224962f3c407f76f8f28ae2077003493e783479b60d178294e1ac45
sha512: 0808bec67c9b88d8b96e6fd9d78735450de6492b7e060f9c5e0795e04b44bd2d8a46264f0e9a7c84c9d4be6ad926155b63d09c79d07845779ea78ae16d858f28
ssdeep: 12288:tnNOK435Zn3461hd6tZikRjdFbhje4ge/LexH:tnK35Zn3RHduMkRhBH/LeV
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalSurname: dhrj.uxe
ProductionVersion: 1.0.4.8
Copyright: Copyrighd (C) 2020, odfrjv
TranslationUz: 0x0252 0x054e

Trojan:Win32/Gozi.GF!MTB also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Trojan.GenericKD.43460165
FireEye	Generic.mg.7b7080dfa7889165
Qihoo-360	Win32/Trojan.755
McAfee	Packed-GAO!7B7080DFA788
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 003e58dd1 )
BitDefender	Trojan.GenericKD.43460165
K7GW	Trojan ( 003e58dd1 )
Cybereason	malicious.79605f
Symantec	Packed.Generic.525
APEX	Malicious
GData	Trojan.GenericKD.43460165
Kaspersky	Trojan.Win32.Chapak.epmr
Alibaba	Trojan:Win32/Kryptik.556c6618
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.43460165 (B)
F-Secure	Trojan.TR/AD.VidarStealer.vgfvp
Invincea	heuristic
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Avira	TR/AD.VidarStealer.vgfvp
MAX	malware (ai score=87)
Microsoft	Trojan:Win32/Gozi.GF!MTB
Arcabit	Trojan.Generic.D2972645
ZoneAlarm	Trojan.Win32.Chapak.epmr
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4157297
VBA32	BScope.Trojan.Hynamer
Ad-Aware	Trojan.GenericKD.43460165
Malwarebytes	Trojan.MalPack
ESET-NOD32	a variant of Win32/Kryptik.HESU
Rising	Malware.Heuristic!ET#92% (RDMK:cmRtazqc+LQA7aG75ugNLdDsVjPw)
SentinelOne	DFI – Suspicious PE
eGambit	Unsafe.AI_Score_80%
Fortinet	PossibleThreat.PALLAS.H
BitDefenderTheta	Gen:NN.ZexaF.34132.EqW@aGmYNkgG
AVG	FileRepMetagen [Malware]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Trojan:Win32/Gozi.GF!MTB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Trojan:Win32/Gozi.GF!MTB”?