Trojan:Win32/Occamy.CD4 removal

The Trojan:Win32/Occamy.CD4 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Occamy.CD4 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Performs some HTTP requests
Uses Windows utilities for basic functionality
Creates a hidden or system file
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

www.bing.com

grumpyfall.cc

How to determine Trojan:Win32/Occamy.CD4?


File Info:
crc32: DB599636
md5: aa13e132dfbe9fa419c203b0596ee874
name: AA13E132DFBE9FA419C203B0596EE874.mlw
sha1: 34fa8d522cbb5d3db1bd13f81b377ce9f1fc31c8
sha256: d45c2ec267407050d858913fa8b94528baef0a41ee5007710ff866a7faae3f20
sha512: 57c2d0e259eda4b5d1b5c3f23b924e47ee4064e1c90ce936c8846fb86c8ac4767a8877f37c0ce8555538d890e6807a90c6a30ce25b0b221e0e37a789ca928e36
ssdeep: 6144:5NmKOBgB+ZwFaOIe2eVF8Qy4xRemqv37rtdQZEHBZJ/4oa1:5czeFdzxMNd0GBZJ/4x
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Sapphire Ventures xa9. All rights reserved.
InternalName: Facilitatin
FileVersion: 8.7.4.388
CompanyName: Sapphire Ventures
FileDescription: Waitone Penetration Translate Gradle Linen
LegalTrademarks: Sapphire Ventures xa9. All rights reserved.
Comments: Waitone Penetration Translate Gradle Linen
ProductName: Facilitatin
Languages: English
ProductVersion: 8.7.4.388
PrivateBuild: 8.7.4.388
OriginalFilename: Facilitatin
Translation: 0x0409 0x04b0

Trojan:Win32/Occamy.CD4 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Banker1.28481
MicroWorld-eScan	Trojan.GenericKD.31318974
FireEye	Generic.mg.aa13e132dfbe9fa4
CAT-QuickHeal	TrojanSpy.Ursnif
McAfee	Artemis!AA13E132DFBE
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0053fc591 )
BitDefender	Trojan.GenericKD.31318974
K7GW	Trojan ( 0053fc591 )
Cybereason	malicious.2dfbe9
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan-Spy.Win32.Ursnif.abey
Alibaba	TrojanSpy:Win32/Ursnif.21a68c36
NANO-Antivirus	Trojan.Win32.Ursnif.fjtfgk
AegisLab	Trojan.Win32.Ursnif.4!c
Rising	Ransom.Locky!8.1CD4 (CLOUD)
Ad-Aware	Trojan.GenericKD.31318974
Sophos	Mal/Generic-S
Comodo	Malware@#2oxyfisgmw1r6
F-Secure	Heuristic.HEUR/AGEN.1109235
Zillya	Trojan.Ursnif.Win32.3069
TrendMicro	Ransom_HPLOCKY.SME1
McAfee-GW-Edition	BehavesLike.Win32.Emotet.fh
Emsisoft	Trojan.GenericKD.31318974 (B)
GData	Trojan.GenericKD.31318974
Avira	HEUR/AGEN.1109235
Antiy-AVL	Trojan[Spy]/Win32.Ursnif
Arcabit	Trojan.Generic.D1DDE3BE
ZoneAlarm	Trojan-Spy.Win32.Ursnif.abey
Microsoft	Trojan:Win32/Occamy.CD4
Cynet	Malicious (score: 100)
VBA32	TrojanSpy.Ursnif
ALYac	Trojan.GenericKD.31318974
MAX	malware (ai score=83)
Malwarebytes	Trojan.Crypt
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/GenKryptik.CPCG
TrendMicro-HouseCall	Ransom_HPLOCKY.SME1
Tencent	Win32.Trojan-spy.Ursnif.Llqp
Yandex	TrojanSpy.Ursnif!mjV435cBbnM
Ikarus	Trojan-Ransom.GandCrab
Fortinet	W32/GenKryptik.CPCG!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.Spy.027

How to remove Trojan:Win32/Occamy.CD4?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Occamy.CD4 removal