Trojan:Win32/TrickBotCrypt.PQ!MTB removal

Trojan:Win32/TrickBotCrypt.PQ!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/TrickBotCrypt.PQ!MTB virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.

How to identify Trojan:Win32/TrickBotCrypt.PQ!MTB?


File Info:

crc32: 620B01CC
md5: 67b8974e1fe85aac790c676170db5991
name: 67B8974E1FE85AAC790C676170DB5991.mlw
sha1: 4449d60713c1797eea9376ea4301704d71afcb89
sha256: bf4ae4ae2f499398bfc9a03fcded6b5cfc215f03b67d1a8fbd8af3f3cb5e91c5
sha512: f1b9fe685fa5bd117ef88d51151d8591dde9472b30b4e016bf76b7c7fee003640d4c5186f72da7ea76b9dd96be70fabf14208c540445e67bcc410cf746917289
ssdeep: 12288:YMfVCq3EuoWyae8sOTT/Fe6PJIaVE++5gJONjPi:JfVCAc8sOTT/FeEtVu5gOPi
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2011
InternalName: Markup
FileVersion: 11, 4, 0, 2011
CompanyName: First Objective Software, Inc.
PrivateBuild:
LegalTrademarks:
Comments: Test Dialog for CMarkup
ProductName: Markup Application
SpecialBuild:
ProductVersion: 11, 4, 0, 2011
FileDescription: Markup Application
OriginalFilename: Markup.exe
Translation: 0x0409 0x04b0

Trojan:Win32/TrickBotCrypt.PQ!MTB also known as:

DrWeb: Trojan.KillProc2.16372
Sangfor: Trojan.Win32.Trickpak.gen
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Trickpak.gen
BitDefender: Trojan.GenericKD.46656716
MicroWorld-eScan: Trojan.GenericKD.46656716
Ad-Aware: Trojan.GenericKD.46656716
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.67b8974e1fe85aac
Emsisoft: Trojan.GenericKD.46656716 (B)
Webroot: W32.Malware.Gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/TrickBotCrypt.PQ!MTB
GData: Win32.Trojan-Spy.TrickBot.96FDKF
McAfee: RDN/Trickpak
MAX: malware (ai score=85)
TrendMicro-HouseCall: TROJ_FRS.0NA103GL21
Ikarus: Win32.Outbreak
Fortinet: W32/Malicious_Behavior.SBX
AVG: Win32:BankerX-gen [Trj]
Paloalto: generic.ml

How to remove Trojan:Win32/TrickBotCrypt.PQ!MTB?

Trojan:Win32/TrickBotCrypt.PQ!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
