How to remove "Trojan:Win32/Ymacco.AB52"?

The Trojan:Win32/Ymacco.AB52 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Ymacco.AB52 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Performs some HTTP requests
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself
Creates a slightly modified copy of itself
Collects information to fingerprint the system

Related domains:

z.whorecord.xyz

a.tomx.xyz

pastebin.com

cutit.org

q.gs

aporasal.net

How to determine Trojan:Win32/Ymacco.AB52?


File Info:
crc32: A8EF771B
md5: 4f27bced8bf78d17141cfe5716b9b454
name: 4F27BCED8BF78D17141CFE5716B9B454.mlw
sha1: d7aabefd3477d1a4743421e753c8ab47edf5b5c3
sha256: 52c95f41a14d9234214eedafb3ccd2768a66af2a7868912c7f3bbbce204c3265
sha512: 6fd7a8e129570bb210edefe8cc75b9de2e1065227a5da85180e01d8867c2f6d4c5d69aaedee709532cb2ff2d21cad5ac651993cf2a82a8ec8ff6b5a1ff71479a
ssdeep: 24576:LuOFjXakOcDu8aqWSv1vx58lTyKigD6rRSHse:LuOFakO+u83vBx5wyAD6rwHz
type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:
0: [No Data]

Trojan:Win32/Ymacco.AB52 also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.576052
FireEye	Generic.mg.4f27bced8bf78d17
CAT-QuickHeal	Trojan.Generic
ALYac	Gen:Variant.Razy.576052
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0057372a1 )
BitDefender	Gen:Variant.Razy.576052
K7GW	Trojan ( 0057372a1 )
Cybereason	malicious.d8bf78
BitDefenderTheta	Gen:NN.ZexaF.34804.ZmZ@aa@cnPk
Cyren	W32/S-91c2cc44!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R049C0PB221
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Generic.07c00b79
NANO-Antivirus	Trojan.Win32.Razy.iegtwa
AegisLab	Trojan.Win32.Generic.4!c
Tencent	Malware.Win32.Gencirc.11b23c78
Ad-Aware	Gen:Variant.Razy.576052
Sophos	Mal/Generic-R + Troj/Agent-BFYM
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Heuristic.HEUR/AGEN.1136878
TrendMicro	TROJ_GEN.R049C0PB221
McAfee-GW-Edition	BehavesLike.Win32.Generic.cm
Emsisoft	Gen:Variant.Razy.576052 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.gonhs
Avira	HEUR/AGEN.1136878
Antiy-AVL	Trojan/Win32.Injector
Microsoft	Trojan:Win32/Ymacco.AB52
Arcabit	Trojan.Razy.D8CA34
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Razy.576052
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R263763
McAfee	GenericRXMT-EY!4F27BCED8BF7
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Glupteba.Backdoor.Bruteforce.DDS
Panda	Trj/Genetic.gen
APEX	Malicious
ESET-NOD32	a variant of Win32/Injector.EBQH
Rising	Trojan.Injector!1.D070 (CLASSIC)
Yandex	Trojan.Agent!4fVMOi6dbKk
MAX	malware (ai score=86)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.EBQH!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Trojan.Generic.HxMBAbsA

How to remove Trojan:Win32/Ymacco.AB52?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Trojan:Win32/Ymacco.AB52”?