Trojan:Win32/Trickbot removal instruction

Trojan:Win32/Trickbot is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Trickbot virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A named pipe was used for inter-process communication
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
checkip.amazonaws.com
89937AF6285A1882F229530DC3A04498AFB9BA96D8D7DAD1D6CBE6DDD7CA96F.8D7DDC0F1D8CBCBD0CAD6D794E9FAE6EE8F888E8F898897FCF8F88B898EFA89.FA808889FFFA8A8F818D8189FAFC8E80FD8EFDFAFBFBFF8F968996EED0D7DDD.6CECA998E99C1818FEAE988968889898896888A.chishir.com
892F7A6DAABE9EBCF6342842D9C101C199B9BA96D8D7DAD1D6CBE6DDD7CA96F.8D7DDC0F1D8CBCBD0CAD6D794E9FAE6EE8F888E8F898897FCF8F88B898EFA89.FA808889FFFA8A8F818D8189FAFC8E80FD8EFDFAFBFBFF8F968996EED0D7DDD.6CECA998E99C1818FEAE988968889898896888A.chishir.com
8976D36A9302CAD0FB3E1370D0F0DF09DDB9BA96D8D7DAD1D6CBE6DDD7CA96F.8D7DDC0F1D8CBCBD0CAD6D794E9FAE6EE8F888E8F898897FCF8F88B898EFA89.FA808889FFFA8A8F818D8189FAFC8E80FD8EFDFAFBFBFF8F968996EED0D7DDD.6CECA998E99C1818FEAE988968889898896888A.chishir.com
89F6B0EE6AFA70CDF43C9E64E32F9FCCD3B9BA96D8D7DAD1D6CBE6DDD7CA96F.8D7DDC0F1D8CBCBD0CAD6D794E9FAE6EE8F888E8F898897FCF8F88B898EFA89.FA808889FFFA8A8F818D8189FAFC8E80FD8EFDFAFBFBFF8F968996EED0D7DDD.6CECA998E99C1818FEAE988968889898896888A.chishir.com

How to identify Trojan:Win32/Trickbot?

File Info:

crc32: 2D1EDE89
md5: ae48b4d1d0da879512b495ec1f80cf67
name: service.exe
sha1: b388243bf5899c99091ac2df13339f141659bbd4
sha256: b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329
sha512: 463df35f9275cd96a65d6db32ab33d8664daa413e4d0ff8c2da670c804468c8b8181db3a140f5d156300701b0647e52c0d15042ff81cb72bbac8e32f4aa643d4
ssdeep: 3072:7/gh9/7DnAiGOVnywTvTY/PCHc0DChGx5E1hJAPJ5z6kb/SrKS:zu9/7Dn/nywPYXJ0DWU5IkzNDSGS
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan:Win32/Trickbot is also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Trojan.GenericKD.41447928
Qihoo-360: Win32/Trojan.612
ALYac: Trojan.Trickster.Gen
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Agentb.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0054f19d1 )
BitDefender: Trojan.GenericKD.41447928
K7GW: Trojan ( 0054f19d1 )
Cybereason: malicious.bf5899
TrendMicro: TROJ_GEN.R002C0PFF19
BitDefenderTheta: Gen:NN.ZexaF.34090.kCW@aO@Hkloi
Cyren: W32/Agent.BEG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0PFF19
Avast: Win32:Trojan-gen
ClamAV: Win.Trojan.AnchorbotDNS-7509406-0
GData: Trojan.GenericKD.41447928
Kaspersky: Trojan.Win32.Agentb.jtpk
Alibaba: Trojan:Win32/Generic.55a25f22
NANO-Antivirus: Trojan.Win32.Drop.frvorf
Rising: Trojan.Agent!8.B1E (CLOUD)
Ad-Aware: Trojan.GenericKD.41447928
Sophos: Troj/Agent-BDGW
Comodo: Malware@#tadk1x9vl1yz
F-Secure: Trojan.TR/Drop.Agent.did
DrWeb: Trojan.MulDrop9.12176
Zillya: Trojan.Agent.Win32.1104680
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.BrowseFox.ch
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.ae48b4d1d0da8795
Emsisoft: Trojan.GenericKD.41447928 (B)
APEX: Malicious
F-Prot: W32/Agent.BEG.gen!Eldorado
Jiangmin: Trojan.Agentb.fev
Webroot: W32.Trojan.Gen
Avira: TR/Drop.Agent.did
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Agentb
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D27871F8
ZoneAlarm: Trojan.Win32.Agentb.jtpk
Microsoft: Trojan:Win32/Trickbot
SentinelOne: DFI – Suspicious PE
AhnLab-V3: Trojan/Win32.Vigorf.R295542
McAfee: GenericRXIH-QA!AE48B4D1D0DA
VBA32: BScope.Trojan.MulDrop
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Agent.AARN
Tencent: Win32.Trojan.Agentb.Lohs
Ikarus: Trojan.Win32.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.AARN!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.7175203.susgen

How to remove Trojan:Win32/Trickbot?

Trojan:Win32/Trickbot removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.