Trojan:Win32/Zombie!rfn removal guide

The Trojan:Win32/Zombie!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Zombie!rfn virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Trojan:Win32/Zombie!rfn?


File Info:
name: 0A5745E9035BA2EB43AD.mlw
path: /opt/CAPEv2/storage/binaries/9bb034ee4c43668e220c56dce736b53a9bdfd1cf00c942ffba6278a5ce658d79
crc32: 022EA2F9
md5: 0a5745e9035ba2eb43ad0445760c27b8
sha1: e4b997eccb8404737196f1ce66c0c6db014b1327
sha256: 9bb034ee4c43668e220c56dce736b53a9bdfd1cf00c942ffba6278a5ce658d79
sha512: af4ed446e6397cc6ac3738181a493bd9b956bc148062ca5c4e664adc1bb0228ab8235c41ef360e28e861a689338219b17067b0698a943d4f84e048b2d189d61c
ssdeep: 192:h6HYDpACUADIY0Br5xjL/VA7AgAQmP1oynLb22vnSd:h64DyBt7Br5xjL9A7AgA71Fbhvn8
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T119C2E82F4B49D5B2D3998035043E2878EA377214AB35FF8BAF15CD1C66376E0E47524A
sha3_384: 22cf8710bcc2ef1a4ac8a4603f5b0e2dd2774a16471a9aa6f7f73ca72185b957d4015611c915fa68451b768f9137ae26
ep_bytes: 4883ec28488d0d15330000e8402d0000
timestamp: 2028-09-17 09:20:52

Version Info:
0: [No Data]

Trojan:Win32/Zombie!rfn also known as:

MicroWorld-eScan	Trojan.GenericKDZ.82965
ALYac	Trojan.GenericKDZ.82965
ClamAV	Win.Malware.Generickdz-9938530-0
Rising	Virus.Zombie!1.AB2A (CLASSIC)
DrWeb	Trojan.Encoder.185
McAfee-GW-Edition	RDN/Generic.dx
Avira	HEUR/AGEN.1216276
Microsoft	Trojan:Win32/Zombie!rfn
Cynet	Malicious (score: 100)
McAfee	RDN/Generic.dx
Ikarus	Trojan.Win32.Zombie
MaxSecure	Trojan.Cosmu.bwts
Fortinet	W64/Encoder.AHE!tr
AVG	Win32:RansomX-gen [Ransom]
Avast	Win32:RansomX-gen [Ransom]

How to remove Trojan:Win32/Zombie!rfn?

Trojan:Win32/Zombie!rfn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X