About "Trojan:Win32/StealCrypt.AC!MTB" infection

The Trojan:Win32/StealCrypt.AC!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/StealCrypt.AC!MTB virus can do?

HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Steals private information from local Internet browsers
Network activity contains more than one unique useragent.
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients

Related domains:

collector-node.us

collector-gate01.us

How to determine Trojan:Win32/StealCrypt.AC!MTB?


File Info:
crc32: 04D7A332
md5: d501b6c4b7e6501fd1634b12e286e225
name: D501B6C4B7E6501FD1634B12E286E225.mlw
sha1: 82798e36fd3c1b0b753d730206944f7d803c31e3
sha256: 07f3b4bb028501044117438f19503d366d8d5a31994122d90b681aa7ffa3d4e4
sha512: c6e543a06f7320b34aea6f103e060e25335ac270ae7f1b3a35b7a8e754c45aa45161be47ae48788974f0bcebb637a1f46f8a44397d5e81257c13b5ed231326f6
ssdeep: 12288:Q01DyGibG4Tf2hjQIxZGyIq4velhqd4MNPvWMHP5bjiQyCf1AksFO+/Y7k9wnu5:Q01DxibG4TOhjQIxwyumlQuMlvWMHP5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan:Win32/StealCrypt.AC!MTB also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.362445
FireEye	Generic.mg.d501b6c4b7e6501f
CAT-QuickHeal	Trojan.BobikPMF.S18066364
Qihoo-360	Win32/TrojanSpy.Bobik.HwoCDPsA
McAfee	GenericRXNM-AS!D501B6C4B7E6
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Spyware ( 005687fb1 )
BitDefender	Gen:Variant.Zusy.362445
K7GW	Spyware ( 005687fb1 )
Cybereason	malicious.6fd3c1
Cyren	W32/Bobic.E.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Malware.Zusy-9812688-0
Kaspersky	HEUR:Trojan-Spy.Win32.Bobik.gen
Alibaba	TrojanSpy:Win32/StealCrypt.117670c0
NANO-Antivirus	Trojan.Win32.Bobik.iiseux
AegisLab	Trojan.Win32.Bobik.l!c
Ad-Aware	Gen:Variant.Zusy.362445
Emsisoft	Gen:Variant.Zusy.362445 (B)
Comodo	Malware@#2kj2h94pi4ddb
F-Secure	Heuristic.HEUR/AGEN.1137972
DrWeb	Trojan.Siggen11.60221
Zillya	Trojan.Bobik.Win32.2205
TrendMicro	TROJ_GEN.R002C0PB321
McAfee-GW-Edition	BehavesLike.Win32.Generic.jh
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.Agent
Jiangmin	TrojanSpy.Bobik.ng
Avira	HEUR/AGEN.1137972
MAX	malware (ai score=85)
Antiy-AVL	Trojan[Spy]/Win32.Bobik
Microsoft	Trojan:Win32/StealCrypt.AC!MTB
Gridinsoft	Trojan.Win32.Downloader.oa
Arcabit	Trojan.Zusy.D587CD
ZoneAlarm	HEUR:Trojan-Spy.Win32.Bobik.gen
GData	Gen:Variant.Zusy.362445
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Stealer.R355109
BitDefenderTheta	Gen:NN.ZexaF.34804.QqW@aGtHFmb
ALYac	Gen:Variant.Zusy.362445
VBA32	TrojanSpy.Bobik
Malwarebytes	Generic.Trojan.Injector.DDS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Spy.Agent.PYU
TrendMicro-HouseCall	TROJ_GEN.R002C0PB321
Rising	Spyware.Agent!8.C6 (TFE:dGZlOgUioO96G8VIQQ)
Fortinet	W32/GenKryptik.EZNX!tr
AVG	Win32:MalwareX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:Win32/StealCrypt.AC!MTB?

Trojan:Win32/StealCrypt.AC!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Trojan:Win32/StealCrypt.AC!MTB” infection