Trojan:Win32/Ymacco.ABD1 removal

The Trojan:Win32/Ymacco.ABD1 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Ymacco.ABD1 virus can do?

Possible date expiration check, exits too soon after checking local time
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan:Win32/Ymacco.ABD1?


File Info:
crc32: A604977B
md5: 18c29dce217646389081803bb9e99a78
name: upload_file
sha1: 410a15a9fb9ec5b0648611e7735d7c4a0792e311
sha256: d114cc0c23ae252a1f3b89ad706b5784e0c962314345d4565354ff7dff9e7883
sha512: 28845dc3563c89fabec749090a5d0e895355b30b1d1b7645c58e6dfe3722f631b4bab2c62cffca137e7bc422a3c5c3432a71fcdd8dfd02b52659bcd8d191d404
ssdeep: 24576:SRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7:kJzdnm4lT8Q1r0pieR7
type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:
LegalCopyright: (c) .  All rights reserved.
InternalName: CommonUtils.dll
FileVersion: 1.0.0.1
CompanyName: Industrial and Commercial Bank of China
ProductName: CommonUtils
ProductVersion: 1.0.0.1
FileDescription: CommonUtils
OriginalFilename: CommonUtils.dll
Translation: 0x0409 0x04e4

Trojan:Win32/Ymacco.ABD1 also known as:

MicroWorld-eScan	Generic.Application.CoinMiner.1.995B505B
FireEye	Generic.Application.CoinMiner.1.995B505B
CAT-QuickHeal	PUA.CoinminerPMF.S9547169
McAfee	GenericRXAA-AA!18C29DCE2176
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Miner.4!c
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Generic.Application.CoinMiner.1.995B505B
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.e21764
Invincea	heuristic
F-Prot	W32/CoinMiner.BW
Symantec	ML.Attribute.HighConfidence
Paloalto	generic.ml
ClamAV	Win.Coinminer.Generic-7151250-0
GData	Win32.Application.Coinminer.BU
Kaspersky	Trojan.Win32.Miner.assmw
Alibaba	Trojan:Win32/Miner.48859f61
NANO-Antivirus	Riskware.Win32.BtcMine.gmfedn
Avast	Win32:Malware-gen
Rising	Trojan.Miner!8.EA1 (CLOUD)
Endgame	malicious (high confidence)
Emsisoft	Generic.Application.CoinMiner.1.995B505B (B)
Comodo	Application.Win32.CoinMiner.BS@8rlsid
F-Secure	Heuristic.HEUR/AGEN.1133596
DrWeb	Tool.BtcMine.2235
Zillya	Trojan.Miner.Win32.9908
TrendMicro	TROJ_GEN.R004C0PFF20
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
MaxSecure	Trojan.Malware.121218.susgen
Trapmine	malicious.high.ml.score
Sophos	XMRig Miner (PUA)
Ikarus	PUA.CoinMiner
Cyren	W32/CoinMiner.YUOF-4693
Jiangmin	RiskTool.BitCoinMiner.mdf
Avira	HEUR/AGEN.1133596
Antiy-AVL	Trojan/Win32.Miner
Arcabit	Generic.Application.CoinMiner.1.995B505B
ZoneAlarm	Trojan.Win32.Miner.assmw
Microsoft	Trojan:Win32/Ymacco.ABD1
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.CoinMiner.R336602
VBA32	BScope.Trojan.Miner
MAX	malware (ai score=89)
Ad-Aware	Generic.Application.CoinMiner.1.995B505B
Malwarebytes	Trojan.BitCoinMiner
ESET-NOD32	a variant of Win32/CoinMiner.ES potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R004C0PFF20
Tencent	Malware.Win32.Gencirc.10ba432e
Yandex	Riskware.Agent!
Fortinet	W32/CryptoMiner.L!tr
BitDefenderTheta	Gen:NN.ZexaF.34128.dnKfaGnQuqoi
AVG	Win32:Malware-gen
Panda	Trj/Genetic.gen
Qihoo-360	Win32/Trojan.e8d

How to remove Trojan:Win32/Ymacco.ABD1?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Ymacco.ABD1 removal