How to remove “VHO:Trojan.Win64.CallMeRoot”?

The VHO:Trojan.Win64.CallMeRoot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VHO:Trojan.Win64.CallMeRoot virus can do?

Authenticode signature is invalid

How to determine VHO:Trojan.Win64.CallMeRoot?


File Info:
name: 62296765A5DBEF178E28.mlw
path: /opt/CAPEv2/storage/binaries/ba8928404130ec6c3d5c857eb987aa9ec695d3f85e629b07b9c426e23f792667
crc32: 09052C9C
md5: 62296765a5dbef178e28efdec9ba9a5e
sha1: a494fdef344f3167278cf2469e58cd4da2d71ae2
sha256: ba8928404130ec6c3d5c857eb987aa9ec695d3f85e629b07b9c426e23f792667
sha512: 6e62492222700af58bd154aea0ffc9e25fd08a520e43ddfb5db762c79432f06157ac3d3d0fff07f53da7d8c306ff4a9961c76ddeda5903a2704175038b2c83dc
ssdeep: 768:1kcfYSXP82SwaSj/G2lpA7pFBNKKcA3c0vsFb:6IVpa0G2lpIFlc2E
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T180F34B01B9A5CC36E89102311CB497619B7DBC135AB4E7977BD8238E5EF30E07A14B9B
sha3_384: 5ffee91b7ca80e3e04c0a68474d6dfbe8f205a8f8eef7563c00a642b1fe35487e96c3cff883e12600abe867c9bbb3f14
ep_bytes: e86a120000e97bfeffff3b0d50300400
timestamp: 2018-05-07 21:38:10

Version Info:
0: [No Data]

VHO:Trojan.Win64.CallMeRoot also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ransom.GandCrab.913
FireEye	Generic.mg.62296765a5dbef17
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	Gen:Variant.Ransom.GandCrab.913
Cylance	Unsafe
VIPRE	Gen:Variant.Ransom.GandCrab.913
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.5a5dbe
Cyren	W32/Kryptik.HKH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GXKS
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan.Win64.CallMeRoot.gen
BitDefender	Gen:Variant.Ransom.GandCrab.913
Avast	Win32:RansomX-gen [Ransom]
Ad-Aware	Gen:Variant.Ransom.GandCrab.913
Emsisoft	Gen:Variant.Ransom.GandCrab.913 (B)
Comodo	TrojWare.Win32.Chapak.GO@7o85ni
McAfee-GW-Edition	GenericRXGI-RO!62296765A5DB
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
Avira	TR/Crypt.EPACK.Gen2
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Generic.ASMalwS.515D
Microsoft	Trojan:Win32/Meterpreter!ml
GData	Gen:Variant.Ransom.GandCrab.913
Google	Detected
AhnLab-V3	Trojan/Win32.Gandcrab.C2499364
McAfee	GenericRXGI-RO!62296765A5DB
Malwarebytes	Malware.AI.1878503659
Rising	Ransom.GandCrab!8.F355 (TFE:5:uaUAWKpdsLC)
Yandex	Trojan.GenAsa!sEQ6NA0nfs4
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GXKS!tr
BitDefenderTheta	AI:Packer.4CF2BA0D1E
AVG	Win32:RansomX-gen [Ransom]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_90% (D)

How to remove VHO:Trojan.Win64.CallMeRoot?

VHO:Trojan.Win64.CallMeRoot removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X