Trojan:Win32/Trickbot.EH!MTB removal tips

Trojan:Win32/Trickbot.EH!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Trickbot.EH!MTB virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • Looks up the external IP address

Related domains:

api.ipify.org
158.102.105.176.zen.spamhaus.org
158.102.105.176.cbl.abuseat.org
158.102.105.176.b.barracudacentral.org
158.102.105.176.dnsbl-1.uceprotect.net
158.102.105.176.spam.dnsbl.sorbs.net

How to identify Trojan:Win32/Trickbot.EH!MTB?

File Info:

crc32: 9E1B79D5
md5: 03637247f00592c84c61e3a40aa0537a
name: 03637247F00592C84C61E3A40AA0537A.mlw
sha1: 791da349e06f0ec449ca371f02bcbb5f46e93ca9
sha256: 4395417b093e4e54ecd0373827dd3b67caa8a4a52679af7a7467a1cd6d951667
sha512: 8550820edcaf9681770b9c555dd4a24ab73cccfa081407cb0da1e83ab98202d1b3709cbb7827bcf4b2fb0a999d15b9089a4cfd2fc33f33cc4861d9b9530041ac
ssdeep: 12288:DpD/MO2pEPBOENPyB3BrdVYze1b9stDfCXc5n:FPJApLCe1MTd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: get the gold in the women's
InternalName: get the gold in the women's
FileVersion: 1.0.0.1
CompanyName: get the gold in the women's
ProductName: get the gold in the women's
ProductVersion: 1.0.0.1
FileDescription: get the gold in the women's
OriginalFilename: get the gold in the women'se
Translation: 0x0409 0x04e4

Trojan:Win32/Trickbot.EH!MTB is also known as (vendor: detection name):

K7AntiVirus: Trojan ( 005805531 )
Lionic: Trojan.Win32.Zenpak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.KillProc2.16428
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Zenpak
ALYac: Trojan.GenericKD.37332141
Cylance: Unsafe
Sangfor: Trojan.Win32.Zenpak.gen
CrowdStrike: win/malicious_confidence_70% (W)
Alibaba: Trojan:Win32/Trickbot.0690131c
K7GW: Trojan ( 005805531 )
Cyren: W32/Zenpak.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLYP
APEX: Malicious
Avast: FileRepMalware
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
BitDefender: Trojan.GenericKD.37332141
MicroWorld-eScan: Trojan.GenericKD.37332141
Tencent: Win32.Trojan.Zenpak.Dkt
Ad-Aware: Trojan.GenericKD.37332141
Sophos: Troj/Trickb-AV
TrendMicro: TROJ_GEN.R011C0PH421
McAfee-GW-Edition: RDN/Generic.com
FireEye: Generic.mg.03637247f00592c8
Emsisoft: Trojan.GenericKD.37332141 (B)
Jiangmin: Trojan.Zenpak.iac
Avira: TR/AD.Emotet.bhmif
Microsoft: Trojan:Win32/Trickbot.EH!MTB
Arcabit: Trojan.Generic.D239A4AD
ZoneAlarm: HEUR:Trojan.Win32.Zenpak.gen
GData: Trojan.GenericKD.37332141
AhnLab-V3: Malware/Win.Generic.C4575118
McAfee: RDN/Generic.com
MAX: malware (ai score=84)
VBA32: BScope.Backdoor.Emotet
Malwarebytes: Trojan.Crypt
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R011C0PH421
Rising: Trojan.Generic@ML.84 (RDML:+shE92lD4i3TAaD3JY7yqg)
Ikarus: Trojan.Emotet
MaxSecure: Trojan.Malware.73832973.susgen
Fortinet: Malicious_Behavior.SB
AVG: FileRepMalware
Paloalto: generic.ml
Qihoo-360: Win32/Backdoor.Emotet.HgIASZkA

How to remove Trojan:Win32/Trickbot.EH!MTB?

Trojan:Win32/Trickbot.EH!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.