Trojan:Win32/Vastloust.A removal tips

Many security experts consider Trojan:Win32/Vastloust.A dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Vastloust.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Stores JavaScript or a script command in the registry, likely for fileless persistence
  • A script process created a new process
  • A cryptomining command was executed
  • Created network traffic indicative of malicious activity

Related domains:

ssl.opencloud.su

How to identify Trojan:Win32/Vastloust.A?


File Info:

name: 5D90574572D701721C0C.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-02-21 19:46:34

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: http://www.maxuninstaller.com/
FileDescription: Max Uninstaller Setup
FileVersion:
LegalCopyright:
ProductName: Max Uninstaller
ProductVersion: 3.0
Translation: 0x0000 0x04b0

Trojan:Win32/Vastloust.A also known as:

MicroWorld-eScan: Application.Miner.JB
FireEye: Application.Deceptor.AAN
ALYac: Application.Deceptor.AAN
Cylance: Unsafe
Zillya: Adware.VopakCRTD.Win32.8528
Sangfor: Trojan.Win32.Fasec.CH
K7AntiVirus: Adware ( 0054dad81 )
K7GW: Adware ( 0054dad81 )
Cybereason: malicious.572d70
Symantec: Trojan.Gen.2
ESET-NOD32: multiple detections
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan-Dropper.Win32.Dapato.qhyz
BitDefender: Application.Miner.JB
NANO-Antivirus: Trojan.Nsis.Agent.dbociz
Avast: NSIS:Fasec-CN [PUP]
DrWeb: Program.Unwanted.157
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: DNSChanger.de
Emsisoft: Application.Miner.JB (B)
GData: Application.Deceptor.AAN
Webroot: W32.Malware.Dkvt
Avira: HEUR/AGEN.1127479
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Vastloust.A
McAfee: Artemis!5D90574572D7
MAX: malware (ai score=85)
VBA32: TScope.Trojan.Delf
Malwarebytes: PUP.Optional.MaxUnInstaller
eGambit: Unsafe.AI_Score_99%
AVG: NSIS:Fasec-CN [PUP]

How to remove Trojan:Win32/Vastloust.A?

Trojan:Win32/Vastloust.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
