Trojan:Win32/Upatre removal tips

The Trojan:Win32/Upatre is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Upatre virus can do?

Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Network activity detected but not expressed in API logs
Creates a slightly modified copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan:Win32/Upatre?


File Info:
crc32: DBE405DA
md5: 3f11c8cf00b421db710bab643fc43025
name: 3F11C8CF00B421DB710BAB643FC43025.mlw
sha1: 7e9c638f35f49ee364b72c1471d7f2c8d39a0916
sha256: 62cc5e0d5abf64d07bdc142f7920c4a366a3054ad25529be4d9a798c7cd27658
sha512: c61e1463325fbd1deb45b325d5f82cf7ef30af711157acea7dda18041c478d545e1b267df6a9f6bff396c33a5409f936c115673c26a3939c6947e65914b82211
ssdeep: 6144:8Vlw9brLnSogvpC2PVGsFdW1BjaJ2DGAVWQUgbkMQgwFyM6dUmKNjm8bWfsHVJ:Zbfn3epC2PVFdW1BDpDagwFyMVEkj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 2006 Microsoft Corporation.  All rights reserved.
InternalName: WinWord
FileVersion: 12.0.4518.1014
CompanyName: Microsoft Corporation
LegalTrademarks1: Microsoftxae is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windowsxae is a registered trademark of Microsoft Corporation.
ProductName: 2007 Microsoft Office system
ProductVersion: 12.0.4518.1014
FileDescription: Microsoft Office Word
OriginalFilename: WinWord.exe
Translation: 0x0000 0x04e4

Trojan:Win32/Upatre also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Lethic.Gen.4
FireEye	Generic.mg.3f11c8cf00b421db
CAT-QuickHeal	Trojan.Mauvaise.SL1
McAfee	GenericRXLH-OM!3F11C8CF00B4
Cylance	Unsafe
Sangfor	Malware
BitDefender	Trojan.Lethic.Gen.4
Cybereason	malicious.f00b42
TrendMicro	TROJ_GEN.R06CC0DKI20
Cyren	W32/Agent.AOF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Malware.Bskd-9753126-0
Kaspersky	HEUR:Trojan.Win32.Generic
Rising	Trojan.Salgorea!1.BAD6 (CLASSIC)
Ad-Aware	Trojan.Lethic.Gen.4
Emsisoft	Trojan.Lethic.Gen.4 (B)
Comodo	TrojWare.Win32.TrojanDropper.Agent.QQR@5t8sw7
F-Secure	Heuristic.HEUR/AGEN.1113061
DrWeb	Trojan.MulDrop15.59569
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Salgorea
Jiangmin	Trojan.Generic.dncbk
Avira	HEUR/AGEN.1113061
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Dropper]/Win32.Agent.mosn
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Upatre
Arcabit	Trojan.Lethic.Gen.4
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win32.Trojan.Salgorea.B
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C645160
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34634.Eq0@aiqw0Dpi
ALYac	Trojan.Lethic.Gen.4
VBA32	BScope.Trojan.Salgorea
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.QRV
TrendMicro-HouseCall	TROJ_GEN.R06CC0DKI20
Yandex	Trojan.GenAsa!rBpY9YUDYCs
SentinelOne	Static AI – Suspicious PE
eGambit	Unsafe.AI_Score_98%
Fortinet	W32/Agent.RRQ!tr
AVG	Win32:Agent-AYZG [Cryp]
Avast	Win32:Agent-AYZG [Cryp]
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Upatre?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Upatre removal tips