Trojan:Win32/Nanobot!mclg information

The Trojan:Win32/Nanobot!mclg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Nanobot!mclg virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
Drops a binary and executes it
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Attempts to repeatedly call a single API many times in order to delay analysis time
Attempts to modify browser security settings
Attempts to create or modify system certificates
Anomalous binary characteristics

Related domains:

ocsp.digicert.com

crl3.digicert.com

crl4.digicert.com

How to determine Trojan:Win32/Nanobot!mclg?


File Info:
crc32: B6D9BA21
md5: fbda14f36f42a728d9a4718a98e07075
name: FBDA14F36F42A728D9A4718A98E07075.mlw
sha1: c4918993430e7e1fc753b728cb1834becf033ffc
sha256: 85ba700122e35a9457bc1d0fa4ae49123c99efe4906e764b26f83e6f15ff3dcf
sha512: c266f8a84bfee8724c6920fca48239c58dc062ad1b6f9211ebee3f266587ef55211ebbaddcb61fa1910787e01bbd22faf1298de697a2fcc350dbfa2f56339e47
ssdeep: 49152:CAI+jjqddUJ06pidFfGuuA2prnELKGKizmRs41K0VXSBrb6jgB3DhH7tHPy:CAI+jWddUJ0Vl8TrELeiqLKGIC0B3G
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Adobe Inc.                                                                                          
FileDescription: Adobe Installer 15.2.0.35 Installation                      
FileVersion: 15.2.0.35           
Comments: 
CompanyName: Adobe Inc.                                                  
Translation: 0x0409 0x04e4

Trojan:Win32/Nanobot!mclg also known as:

Lionic	Trojan.MSIL.Crysan.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Inject4.14391
ClamAV	Win.Dropper.Nanocore-9189507-1
ALYac	Gen:Variant.Strictor.257106
Cylance	Unsafe
Sangfor	Backdoor.MSIL.Crysan.gen
CrowdStrike	win/malicious_confidence_80% (W)
Alibaba	Backdoor:Win32/Nanobot.1ec5e351
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	UDS:Backdoor.MSIL.Crysan.gen
BitDefender	Gen:Variant.Strictor.257106
NANO-Antivirus	Trojan.Win32.Crysan.ixuodd
MicroWorld-eScan	Gen:Variant.Strictor.257106
Tencent	Msil.Backdoor.Crysan.Ehhy
Ad-Aware	Gen:Variant.Strictor.257106
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZemsilF.34088.jm0@amKTbdh
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R06CC0DGP21
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wc
FireEye	Generic.mg.fbda14f36f42a728
Emsisoft	Gen:Variant.Strictor.257106 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Backdoor.MSIL.ewpa
Avira	HEUR/AGEN.1140653
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Nanobot!mclg
Arcabit	Trojan.Strictor.D3EC52
ZoneAlarm	HEUR:Backdoor.MSIL.Crysan.gen
GData	Gen:Variant.Strictor.257106
AhnLab-V3	Malware/Gen.RL_Reputation.R362744
McAfee	Artemis!FBDA14F36F42
MAX	malware (ai score=88)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Malware.AI.1860350253
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R06CC0DGP21
Ikarus	Trojan.Win32.Cab
MaxSecure	Trojan-Ransom.Win32.Crypmod.zfq
Fortinet	W32/Crysan!tr.bdr
AVG	Win32:RATX-gen [Trj]
Paloalto	generic.ml

How to remove Trojan:Win32/Nanobot!mclg?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Nanobot!mclg information