Trojan:Win32/Kechang.B!dha removal guide

Trojan:Win32/Kechang.B!dha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Kechang.B!dha virus do?

  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Attempts to disable browser security warnings
  • Touches a file containing cookies, possibly for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan:Win32/Kechang.B!dha?


File Info:

name: 7D584187E33F58F57D08.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-11-18 08:48:19

Version Info:

0: [No Data]

Trojan:Win32/Kechang.B!dha also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Kechang.4!c
ClamAV: Win.Trojan.Agent-6654975-0
Skyhigh: BehavesLike.Win32.Generic.ch
McAfee: GenericRXEM-HV!7D584187E33F
Malwarebytes: Malware.AI.2136929189
VIPRE: Gen:Variant.Jaik.94456
Sangfor: Trojan.Win32.Ke3chang.uljbg
K7AntiVirus: Trojan ( 00175fff1 )
Alibaba: Trojan:Win32/Kechang.10e1acae
K7GW: Trojan ( 00175fff1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.36680.hqW@aSFEyIf
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Ketrican.I
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Jaik.94456
NANO-Antivirus: Trojan.Win32.Agent.eoyhzg
MicroWorld-eScan: Gen:Variant.Jaik.94456
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Redcap.Ytjl
Emsisoft: Gen:Variant.Jaik.94456 (B)
F-Secure: Trojan.TR/Redcap.rzrki
DrWeb: Trojan.DownLoader24.60028
Zillya: Trojan.Agent.Win32.794665
TrendMicro: TROJ_GEN.R002C0DA924
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Kechang
Jiangmin: Trojan.Generic.dmxpg
Webroot: W32.Trojan.Agent.Gen
Avira: TR/Redcap.rzrki
Antiy-AVL: Trojan[APT]/Win32.APT15
Kingsoft: malware.kb.a.960
Microsoft: Trojan:Win32/Kechang.B!dha
Xcitium: Malware@#xmc670a3vcph
Arcabit: Trojan.Jaik.D170F8
ViRobot: Trojan.Win32.S.Agent.116736.KY
ZoneAlarm: UDS:Trojan.Win32.Generic
GData: Gen:Variant.Jaik.94456
Google: Detected
AhnLab-V3: Dropper/Win32.Agent.C1984834
VBA32: BScope.Trojan.Casdet
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DA924
Rising: Trojan.Kechang!8.10F7F (TFE:5:H4MwwvN8YhR)
Yandex: Trojan.GenAsa!Puakr+3/2P4
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AP.D8AA4!tr
AVG: Win32:Malware-gen
Cybereason: malicious.565890
Panda: Trj/CI.A

How to remove Trojan:Win32/Kechang.B!dha?

Trojan:Win32/Kechang.B!dha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
