Trojan:Win32/Ymacco!pz removal

Trojan:Win32/Ymacco!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Ymacco!pz virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • CAPE detected the “shellcode get eip” malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Ymacco!pz?

File Info:

name: 884DF18A7CACF15A361A.mlw
path: /opt/CAPEv2/storage/binaries/e03b5e9b0c18022aa596081fe869737e3068819922176dc20a61ae9ad8a58ec6
crc32: 60DBCCDD
md5: 884df18a7cacf15a361a6437b965a918
sha1: 017c0707fb5baf7aaf5483363eb124b543450f1a
sha256: e03b5e9b0c18022aa596081fe869737e3068819922176dc20a61ae9ad8a58ec6
sha512: 1ad377dcd3a2576cf68ba0afce2ea13f3e0b2140af12baedb5a53d8d54fe3f6eadb1a6e9e55b2902579864b957a573a9473c3e6287e4c59e257ef8d33a849703
ssdeep: 196608:nC7WbQgCq4rgRNR3q5YJvAYAe9ifYCgCb6:C7SQnrgVaeJIje83n6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB561220B5458077E96105309DFCBAAA046CBD252B75A9DF13C87E2E2F354C36E3296B
sha3_384: 8775e04f55d084322e90d0273a585001a18a1df7b0e8d25782f1925e86da50ddcfed5cd8300341dbd9cafa4fdc8ce93f
ep_bytes: e8a9090000e97afeffff558bec6a00ff
timestamp: 2021-10-12 15:06:17

Version Info:

CompanyName: 随心笔记
FileDescription: 随心笔记
FileVersion: 10.20.22.1
ProductVersion: 10.20.22.1
LegalCopyright: Copyright(C) 2021-2021 LongXunTech.All Rights Reserved.
ProductName: 随心笔记
Translation: 0x0804 0x04b0

Trojan:Win32/Ymacco!pz is also known as:

Lionic: Adware.Win32.ChinDo.2!c
MicroWorld-eScan: Gen:Variant.Application.Fragtor.89954
FireEye: Gen:Variant.Application.Fragtor.89954
CAT-QuickHeal: PUA.PuamsonRI.S27067674
Skyhigh: GenericRXRE-PJ!884DF18A7CAC
McAfee: GenericRXRE-PJ!884DF18A7CAC
Malwarebytes: Generic.Malware/Suspicious
Zillya: Adware.ChinDo.Win32.1
Alibaba: AdWare:Win32/SuiXin.8b1ba8d5
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/SuiXin.A potentially unwanted
APEX: Malicious
Kaspersky: not-a-virus:AdWare.Win32.ChinDo.crw
BitDefender: Gen:Variant.Application.Fragtor.89954
NANO-Antivirus: Riskware.Win32.ChinDo.jnyjex
Avast: Win32:MiscX-gen [PUP]
Tencent: Adware.Win32.Downloader_lr.16000644
Emsisoft: Gen:Variant.Application.Fragtor.89954 (B)
F-Secure: Adware.ADWARE/AD.QjwMonkey.hlwrr
VIPRE: Gen:Variant.Application.Fragtor.89954
TrendMicro: TROJ_GEN.R002C0DLT23
Sophos: Generic Reputation PUA (PUA)
GData: Gen:Variant.Application.Fragtor.89954
Jiangmin: AdWare.Chindo.ap
Webroot: W32.Malware.Gen
Avira: ADWARE/AD.QjwMonkey.hlwrr
MAX: malware (ai score=78)
Antiy-AVL: Trojan/Win32.PossibleThreat
Arcabit: Trojan.Application.Fragtor.D15F62
ViRobot: Adware.Chindo.6391440
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.ChinDo.gen
Microsoft: Trojan:Win32/Ymacco!pz
Cynet: Malicious (score: 100)
VBA32: BScope.Adware.HiddenInstall
ALYac: Gen:Variant.Application.Fragtor.89954
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DLT23
Rising: Adware.Agent!1.D53C (CLASSIC)
Ikarus: PUA.SuiXin
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/Suixin
AVG: Win32:MiscX-gen [PUP]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (D)

How to remove Trojan:Win32/Ymacco!pz?

Trojan:Win32/Ymacco!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.