Trojan:Win32/Ymacco.AA75 (file analysis)

Trojan:Win32/Ymacco.AA75 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ymacco.AA75 virus do?

  • Network activity detected but not expressed in API logs

How to identify Trojan:Win32/Ymacco.AA75?
File Info:

crc32: F6C914F4
md5: ae1231b822a2d0234f9e6edf5f6285d6
name: njstartcide.exe
sha1: e083171ae1329dd41cc84ff00e0dfd3fb928fc45
sha256: 75b020d21c01aabdad93611e52ec1326ea4262a5c8867a88d79443e7b53da208
sha512: eac307a39f10b7377ded9bd032236a00630b31ca62316bbbe6b2fbf111fa514d0caabc743a07a3b73e02a2bd85a796b2432232f465ca377a3b85497178c40949
ssdeep: 1536:EPKxxR9/xxLeGEoAvvwrxgix+qRxCux/qxVVdxx7Dcqc65U9jBaZKGQot:SKxxR9/xxyGEoAv4rxgixlRx9/qxVVd
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Rekenvqtd 2013
Assembly Version: 2.1.78.12
InternalName: njstartcide.exe
FileVersion: 2.1.78.12
CompanyName: Rekenvqtd
Comments: Betemkt
ProductName: Ogjuri
ProductVersion: 2.1.78.12
FileDescription: Ogjuri
OriginalFilename: njstartcide.exe

Trojan:Win32/Ymacco.AA75 is also known as:

MicroWorld-eScan: Gen:Variant.Kazy.61410
FireEye: Generic.mg.ae1231b822a2d023
McAfee: Fareit-FVY!AE1231B822A2
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.MSIL.Inject.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0056a5a11 )
BitDefender: Gen:Variant.Kazy.61410
K7GW: Trojan ( 0056a5a11 )
Cybereason: malicious.822a2d
TrendMicro: TROJ_GEN.R002C0PGQ20
BitDefenderTheta: Gen:NN.ZemsilF.34138.em0@aWrNe4i
Cyren: W32/Trojan.QHNB-1782
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
GData: Gen:Variant.Kazy.61410
Kaspersky: HEUR:Trojan.MSIL.Inject.gen
Alibaba: Trojan:Win32/csharp.ali2000008
Tencent: Msil.Trojan.Inject.Lndy
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: Malware@#30cm3t07dfqx0
F-Secure: Trojan.TR/Dropper.MSIL.Gen
Invincea: heuristic
MaxSecure: Trojan.Malware.300983.susgen
Emsisoft: Gen:Variant.Kazy.61410 (B)
Ikarus: Trojan.MSIL.Crypt
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Ymacco.AA75
Arcabit: Trojan.Kazy.DEFE2
ZoneAlarm: HEUR:Trojan.MSIL.Inject.gen
Cynet: Malicious (score: 85)
ALYac: Gen:Variant.Kazy.61410
Panda: Trj/GdSda.A
ESET-NOD32: a variant of MSIL/Kryptik.WTT
TrendMicro-HouseCall: TROJ_GEN.R002C0PGQ20
Rising: Trojan.Kryptik!8.8 (CLOUD)
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_93%
Fortinet: MSIL/GenKryptik.EMVN!tr
Ad-Aware: Gen:Variant.Kazy.61410
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Generic/Trojan.855

How to remove Trojan:Win32/Ymacco.AA75?

Trojan:Win32/Ymacco.AA75 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
