About “Trojan:Win32/Gozi.GT!MTB” infection

Many security experts consider Trojan:Win32/Gozi.GT!MTB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Gozi.GT!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • Uses Windows utilities for basic functionality
  • A process attempted to delay the analysis task by a long amount of time.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan:Win32/Gozi.GT!MTB?


File Info:

type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © Order 1995-2019
FileVersion: 0.1.5.767
CompanyName: Order
ProductName: Race rise
ProductVersion: 0.1.5.767
FileDescription: Race rise
OriginalFilename: camp.dll
Translation: 0x0409 0x04e4

Trojan:Win32/Gozi.GT!MTB also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Gozi.796
Cynet: Malicious (score: 90)
ALYac: Trojan.GenericKDZ.73567
Cylance: Unsafe
Alibaba: TrojanSpy:Win32/Ursnif.817a8b50
K7GW: Spyware ( 0053a1971 )
K7AntiVirus: Spyware ( 0053a1971 )
Cyren: W32/Kryptik.DQI.gen!Eldorado
ESET-NOD32: Win32/Spy.Ursnif.BX
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
BitDefender: Trojan.GenericKDZ.73567
MicroWorld-eScan: Trojan.GenericKDZ.73567
Ad-Aware: Trojan.GenericKDZ.73567
Sophos: Troj/Ursnif-EO
Comodo: TrojWare.Win32.Agent.obkbm@0
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_FRS.0NA103CI21
McAfee-GW-Edition: Trojan-FRGC!FF64E9288A7C
FireEye: Trojan.GenericKDZ.73567
Emsisoft: Trojan.GenericKDZ.73567 (B)
Avira: TR/AD.UrsnifDropper.dqyyh
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Gozi.GT!MTB
Arcabit: Trojan.Generic.D11F5F
AegisLab: Trojan.Win32.Generic.4!c
GData: Trojan.GenericKDZ.73567
AhnLab-V3: Trojan/Win32.GenericKD.C4382849
McAfee: Trojan-FRGC!FF64E9288A7C
MAX: malware (ai score=86)
Malwarebytes: Spyware.Ursnif
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_FRS.0NA103CI21
Rising: Spyware.Ursnif!8.1DEF (CLOUD)
Ikarus: Trojan-Spy.Agent
Fortinet: W32/Banker.X!tr
AVG: Win32:BankerX-gen [Trj]
Qihoo-360: Win32/TrojanPSW.Gozi.HgkASRAA

How to remove Trojan:Win32/Gozi.GT!MTB?

Trojan:Win32/Gozi.GT!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
