Trojan:Win32/Znyonm removal instruction

Trojan:Win32/Znyonm is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Znyonm virus do?

  • Sample contains overlay data
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Binary file triggered a YARA rule
  • Attempted to write directly to a physical drive
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • YARA detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Znyonm?

File Info:

name: 880F7E22BE9DBE587803.mlw
path: /opt/CAPEv2/storage/binaries/78993343af3217943f0bdbb98d7af760a894c8a2594dfc77543735a0d56869af
crc32: A40AFF1B
md5: 880f7e22be9dbe5878032d7043633b68
sha1: 849aaa157d72e9248333325346083c9f5812f18e
sha256: 78993343af3217943f0bdbb98d7af760a894c8a2594dfc77543735a0d56869af
sha512: 1241f6d4f24b5ca2fdc78491d7b0f87bc85bd33cf65dcfc1c85438fffee9af681ecb74fce6e61cc3f7b646f61136a906310847de41eb5d821676c539fa05d815
ssdeep: 24576:dwA7XDxCyXvdCiBlqbTwHKdCu1Dl33wb1ajC4Ky3xyuTfVHlNy8gJ6W:dwGDx1lOT4KdCuDHwb0X3nDxlgMW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14EE5700BA6F9C114F5B2A670DA7582F6156B7F40EB38C58F528F3C5D3478A30AA20767
sha3_384: a609c62d66dbe74c6c253a965cbce4429f82f59656850a301c47040182da04ca161a692e608c4773182b8bfdf64ee85d
ep_bytes: e8fb050000e97afeffff558becf64508
timestamp: 2021-09-06 14:45:35

Version Info:

Comments: https://www.metaquotes.net
CompanyName: MetaQuotes Ltd.
FileDescription: Setup
FileVersion: 5.0.0.3035
InternalName: Setup
LegalCopyright: © 2000-2021, MetaQuotes Ltd.
LegalTrademarks: MetaTrader
OriginalFilename: Setup
ProductName: Setup
ProductVersion: 5.0.0.3035
Translation: 0x0000 0x04b0

Trojan:Win32/Znyonm is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Zusy.540306
FireEye: Gen:Variant.Zusy.540306
Skyhigh: BehavesLike.Win32.Dropper.wh
McAfee: GenericRXAA-AA!880F7E22BE9D
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
BitDefenderTheta: Gen:NN.ZexaF.36802.hx3@aaC7l3ci
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
BitDefender: Gen:Variant.Zusy.540306
Emsisoft: Gen:Variant.Zusy.540306 (B)
VIPRE: Gen:Variant.Zusy.540306
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Jiangmin: Trojan.PSW.Stelega.gj
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Znyonm
Arcabit: Trojan.Zusy.D83E92
GData: Gen:Variant.Zusy.540306
ALYac: Gen:Variant.Zusy.540306
Cylance: unsafe
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H09CD24
Rising: Trojan.Generic@AI.93 (RDML:uam5CUxIKFD7h4NzOlfljA)
Fortinet: W32/PossibleThreat
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Znyonm?

Trojan:Win32/Znyonm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.