Trojan:Win32/Rozena.GG!MTB removal instruction

Trojan:Win32/Rozena.GG!MTB is flagged as malicious by the large majority of the antivirus engines listed below. While the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan:Win32/Rozena.GG!MTB do?

The CAPE sandbox run of the sample below produced the following behavioural signatures:

  • Behavioural detection: executable code extraction (unpacking at runtime)
  • YARA rule detections on a process memory dump, dropped files or CAPE output
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid (the binary is signed, but the signature does not verify)
  • Behavioural detection: inter-process injection
  • Created a service that was not started (a persistence mechanism staged for a later boot)

How to identify Trojan:Win32/Rozena.GG!MTB?

File Info:

name: 632395E1B03DB3C64AE6.mlw
path: /opt/CAPEv2/storage/binaries/c2678c7c705ce983f32f494586a469f495b7655768883202aa2a796b75b1c5bf
crc32: 7EBD41FC
md5: 632395e1b03db3c64ae66af3c9996a03
sha1: 9446525005d0060429f73d4c484023b5ceb1620d
sha256: c2678c7c705ce983f32f494586a469f495b7655768883202aa2a796b75b1c5bf
sha512: 6b4076e9dcbd5a1741e2243ab16872b6147289ea551e898532110579ad6d3132d3eba1cebb65982fd20fff6d75b421fd99d62cfbab4ee73de3bfb8dc1dd5613e
ssdeep: 12288:hg99radhgc4O4jsoVutXawlXkcREiIrs1yy25l4AbnsQuSMjswHgzDj2:i9mCcqCEi2s1d25nbnskL/C
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ADB48E10B980C032C67A38344978E7B14D7DBC705F689ADBE798197A5F306C1E639A6F
sha3_384: 0f92d8be7a3e4c950d20764a581430103d88836319edc8a76b0b389d8138487d1062a445a6e09f13eecbad1ed2036369
ep_bytes: e8b5050000e974feffff558bec6a00ff
timestamp: 2022-11-12 09:17:04

Version Info:

0: [No Data]
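The hashes and entry-point bytes above are enough to check a suspicious file offline. The following script is an added example (not GridinSoft's tool and not part of the original page): it hashes a file, compares the digests with the published md5/sha1/sha256, and parses the PE headers by hand to read the 16 bytes at AddressOfEntryPoint for comparison with the ep_bytes value. Because a real sample cannot ship with the page, the script builds a constructed, harmless PE32 image whose entry point carries the published ep_bytes; that sample, the `IOC` dictionary and the helper names are this example's own assumptions, not artefacts from the sandbox run.

```python
import hashlib
import struct
import sys
from typing import Optional

# Indicators copied from the File Info block on this page.
IOC = {
    "md5": "632395e1b03db3c64ae66af3c9996a03",
    "sha1": "9446525005d0060429f73d4c484023b5ceb1620d",
    "sha256": "c2678c7c705ce983f32f494586a469f495b7655768883202aa2a796b75b1c5bf",
    "ep_bytes": bytes.fromhex("e8b5050000e974feffff558bec6a00ff"),
}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory file image."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def entry_point_bytes(data: bytes, count: int = 16) -> Optional[bytes]:
    """Return the first `count` bytes at the PE entry point, or None.

    Walks MZ -> e_lfanew -> PE signature -> AddressOfEntryPoint, then maps that
    RVA to a file offset through the section table.  Returns None for non-PE
    input or when the entry point is not backed by raw file data (typical for
    packers that unpack into a virtual-only section)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 44 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    # AddressOfEntryPoint sits at optional-header offset 16 for PE32 and PE32+.
    (ep_rva,) = struct.unpack_from("<I", data, pe_off + 40)
    sec_off = pe_off + 24 + opt_size
    for i in range(num_sections):
        hdr = sec_off + 40 * i
        if hdr + 40 > len(data):
            return None
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            delta = ep_rva - vaddr
            if delta >= rawsize:
                return None  # entry point lies in zero-filled virtual space
            return data[rawptr + delta:rawptr + delta + count]
    return None


def classify(data: bytes) -> dict:
    """Compare a file image against the published indicators."""
    hashes = file_hashes(data)
    ep = entry_point_bytes(data)
    return {
        "sha256": hashes["sha256"],
        # Exact match on any published digest: this is the sandboxed sample.
        "hash_match": any(hashes[k] == IOC[k] for k in ("md5", "sha1", "sha256")),
        # Same entry-point stub only: a weaker hint (same packer/loader), not proof.
        "ep_match": ep == IOC["ep_bytes"],
    }


def build_sample_pe(ep_code: bytes) -> bytes:
    """Constructed test input: a minimal, non-functional PE32 with one .text
    section whose entry point begins with `ep_code`.  Not real malware."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                 # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                  # FileAlignment
    text = ep_code + b"\xcc" * (0x200 - len(ep_code))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                          len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    header = bytes(dos) + coff + bytes(opt) + section
    header += b"\0" * (0x200 - len(header))
    return header + text


if __name__ == "__main__":
    # Usage: python check_rozena.py <file>; without an argument the constructed sample is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(IOC["ep_bytes"])
    print(classify(image))
```

On the constructed sample the digests differ from the published ones while the entry-point bytes match, which is exactly the situation the two flags are meant to separate: a digest match identifies this specific file, an entry-point match only says the loader stub looks the same and should be followed up with a fuzzy hash (ssdeep/TLSH) or a sandbox run rather than treated as a conviction.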

Other engines detect the same sample under the following names (vendor: detection):

  • Bkav: W32.AIDetect.malware1
  • MicroWorld-eScan: Generic.Malware.LPfoPk!3.0D376A08
  • Cylance: Unsafe
  • Sangfor: Suspicious.Win32.Save.ins
  • Cybereason: malicious.005d00
  • BitDefenderTheta: Gen:NN.ZexaF.34796.GuW@aaJ3cxbi
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • TrendMicro-HouseCall: Cryp_Xin1
  • ClamAV: Win.Dropper.Gh0stRAT-7696262-0
  • Baidu: Win32.Backdoor.Farfli.b
  • VIPRE: Generic.Malware.LPfoPk!3.0D376A08
  • TrendMicro: Cryp_Xin1
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.632395e1b03db3c6
  • Sophos: Generic ML PUA (PUA)
  • Ikarus: Trojan.Win32.Krypt
  • Google: Detected
  • Microsoft: Trojan:Win32/Rozena.GG!MTB
  • Cynet: Malicious (score: 100)
  • Acronis: suspicious
  • VBA32: BScope.Trojan.Skeeyah
  • Malwarebytes: FarFli.Backdoor.Bot.DDS
  • APEX: Malicious
  • Rising: Backdoor.Farfli!1.64B3 (CLASSIC)
  • SentinelOne: Static AI – Malicious PE
  • AVG: Win32:RATX-gen [Trj]
  • Avast: Win32:RATX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_100% (D)

Several of these names (ClamAV's Gh0stRAT, Baidu's and Rising's Farfli, Malwarebytes' FarFli.Backdoor) point at a Gh0st/Farfli-family remote access backdoor rather than a generic trojan; the Rozena label is Microsoft's heuristic name for the same file.

How to remove Trojan:Win32/Rozena.GG!MTB?

Trojan:Win32/Rozena.GG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.