Trojan:Win32/Occamy.C0A removal

The Trojan:Win32/Occamy.C0A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Occamy.C0A virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Presents an Authenticode digital signature
Creates RWX memory
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Performs some HTTP requests
Creates an autorun.inf file
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Clears Windows events or logs
Creates a copy of itself
Attempts to disable UAC
Attempts to modify UAC prompt behavior
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.myip.com

ocsp.digicert.com

How to determine Trojan:Win32/Occamy.C0A?


File Info:
crc32: 5374241F
md5: 112721221326a651a0213ecb9519e341
name: ztx555.exe
sha1: c140dc95833b198a239c17838a77a844e2e31866
sha256: 0a255eb353ef77a37e45427258d4e2d27b749a93f821cddbeaefbc91916e1606
sha512: 3cc171761db6578f55ffbf239e29b48eb7fe4f2ea535bb66f81f26f8ed3d75772e1d4bf26718fd4b441fea2f1b6231385771a6cf884768620bd7324bb14fa6cf
ssdeep: 24576:LCBvy8kdTSWCCHx0+pMQmCEr6unzF1eljClKncdlCi6/J9K84ie7wGF:LAodTSSOyA6unzSl2ltIxShF
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan:Win32/Occamy.C0A also known as:

Bkav	W32.AIDetectVM.malwareB
Cynet	Malicious (score: 100)
ALYac	Trojan.Ransom.Avaddon
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.34043131
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.5833b1
TrendMicro	Worm.Win32.SULOC.THFAHBO
Cyren	W32/Trojan.WIWD-3306
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Filecoder.Avaddon.A
APEX	Malicious
Paloalto	generic.ml
Alibaba	Trojan:Application/AvaddonRansom.00bc1d71
MicroWorld-eScan	Trojan.GenericKD.34043131
Rising	Dropper.Generic!8.35E (TFE:dGZlOgLVVuFZ8JiEQA)
Ad-Aware	Trojan.GenericKD.34043131
Emsisoft	Adware.Generic (A)
F-Secure	Trojan.TR/AD.AvaddonRansom.nsnlw
DrWeb	Trojan.DownLoader33.56359
McAfee-GW-Edition	Artemis!Trojan
Fortinet	W32/Kryptik.HDZJ!tr
Trapmine	malicious.moderate.ml.score
FireEye	Trojan.GenericKD.34043131
Sophos	Troj/Qbot-FS
Ikarus	Trojan.SuspectCRC
Webroot	W32.Adware.Gen
Avira	TR/AD.AvaddonRansom.nsnlw
MAX	malware (ai score=83)
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D20774FB
Microsoft	Trojan:Win32/Occamy.C0A
AhnLab-V3	Trojan/Win32.RansomCrypt.C4132636
McAfee	Artemis!112721221326
VBA32	BScope.TrojanDownloader.Cridex
Malwarebytes	Trojan.Qbot
TrendMicro-HouseCall	Worm.Win32.SULOC.THFAHBO
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_98%
GData	Trojan.GenericKD.34043131
BitDefenderTheta	Gen:NN.ZexaF.34128.@AX@ausuNMei
AVG	Win32:DangerousSig [Trj]
Avast	Win32:DangerousSig [Trj]
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Generic/Trojan.Ransom.4ba

How to remove Trojan:Win32/Occamy.C0A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Occamy.C0A removal