
VirTool:Win32/ColorUAC.A!MTB removal instruction


VirTool:Win32/ColorUAC.A!MTB is Microsoft's name for a file that most other security vendors flag as well. The version information recorded for this sample (see below) identifies it as Akagi.exe from the UACMe project, a tool for bypassing Windows User Account Control, and several vendors classify it as a hacktool or riskware rather than a trojan. A UAC bypass only helps someone who is already running code on the machine, so if this file shows up on a host where nobody deliberately ran a penetration-testing tool, treat it as evidence of an intrusion in progress and not merely as a file to delete. While it is active you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can VirTool:Win32/ColorUAC.A!MTB do?

The indicators below come from the automated sandbox (CAPE) analysis of the sample. They describe static properties of the file rather than behaviour observed at run time:

  • The binary contains a PE section with a non-standard name, which is typical of packed executables
  • The Authenticode signature on the file is invalid, so the file cannot be trusted on the strength of its signature
  • The binary matched a YARA rule (the rule name is not recorded on this page)

How to identify VirTool:Win32/ColorUAC.A!MTB?

File Info:

name: E5A75EF124D13C43126F.mlw
path: /opt/CAPEv2/storage/binaries/2d9dbac4cfc3a9676454ddcae5e4d595509af195177eae680b1f953223973f75
crc32: 8BA5FB0B
md5: e5a75ef124d13c43126f9c20dd9892f9
sha1: 98eadc4be6f8df785ae5668a623c66ce46e8b366
sha256: 2d9dbac4cfc3a9676454ddcae5e4d595509af195177eae680b1f953223973f75
sha512: f4a56a70814e8bc03b5596ba440d70be773db021d3486b7be2b1bacc492212f3fe7f4a2fd5fa22c459c6d67e6a7ce73262331539cc50e1c49dfbfcb339d8a074
ssdeep: 3072:cjKcdlDUCvoDszYnjYcDGUDkNRAN+74mU6qyBNah5huoMDI:cOOUCvoDszYnjYcDGUDk3Mq6qqu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F245B30E611C039F69200B66DE598F1A4B87EB04B8E00F372D55BADE53A3F6563275B
sha3_384: daf03473a83cfc3ee05b97f2736c74660de400898cc48b58c9f1a784896b90521f38aa1d586243e0d5aa62b5dd705980
ep_bytes: e9f5600000e9e0fb0100e9eb710000e9
timestamp: 2021-07-21 09:36:30
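The file hashes above and the sandbox indicators (non-standard section name, Authenticode signature) can be checked offline against any suspect file. The script below is an added example written for this page; it is not code from GridinSoft, from the CAPE sandbox, or from the UACMe project. It hashes the file and compares against the md5, sha1 and sha256 listed above, parses the PE headers with the standard library only, flags section names that a mainstream linker would not produce, reports whether a certificate table (the Authenticode blob) is present at all, and decodes the PE build timestamp. The list of "common" section names and the in-memory PE image used as sample input are constructed for the example. Note that this only detects whether a signature is present; deciding whether a present signature is valid needs a real verifier such as PowerShell's Get-AuthenticodeSignature.

```python
#!/usr/bin/env python3
"""Offline triage of a suspected UACMe / VirTool:Win32/ColorUAC.A!MTB sample.

Standard library only. Checks: hashes listed on this page, PE section names
(packer indicator), presence of an Authenticode certificate table, and the
PE build timestamp. build_sample_pe() produces constructed test input for the
example; it is NOT the real sample and the resulting image is not runnable.
"""
import datetime
import hashlib
import struct

# Digests of the sample exactly as listed on this page.
KNOWN_HASHES = {
    "md5": "e5a75ef124d13c43126f9c20dd9892f9",
    "sha1": "98eadc4be6f8df785ae5668a623c66ce46e8b366",
    "sha256": "2d9dbac4cfc3a9676454ddcae5e4d595509af195177eae680b1f953223973f75",
}

# Section names produced by mainstream linkers. Anything else is reported as
# suspicious. This set is an assumption of the example, not from the page.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".pdata",
                   ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".debug"}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot of the Authenticode blob


def digests(data):
    """Hex digests of `data` with the same algorithms as KNOWN_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def match_known_hashes(data, known=KNOWN_HASHES):
    """Return the algorithms for which the digest of `data` equals the known value."""
    return [algo for algo, digest in known.items()
            if hashlib.new(algo, data).hexdigest() == digest.lower()]


def parse_pe(data):
    """Parse the COFF, optional and section headers of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        count_off, dir_off = 92, 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        count_off, dir_off = 108, 112
    else:
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    (ndirs,) = struct.unpack_from("<I", data, opt + count_off)
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from(
            "<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size  # section table follows the optional header
    names = [struct.unpack_from("<8s", data, table + 40 * i)[0].rstrip(b"\0").decode("latin-1")
             for i in range(nsections)]
    return {
        "machine": machine,
        "timestamp": datetime.datetime.fromtimestamp(stamp, tz=datetime.timezone.utc),
        "sections": names,
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS],
        "has_authenticode": cert_size > 0,
    }


def triage(data):
    """Combine hash matching and header checks into one report."""
    report = parse_pe(data)
    report["hash_matches"] = match_known_hashes(data)
    flags = []
    if report["hash_matches"]:
        flags.append("hash matches the VirTool:Win32/ColorUAC.A!MTB sample on this page")
    if report["unknown_sections"]:
        flags.append("non-standard section names (possible packer): "
                     + ", ".join(report["unknown_sections"]))
    if not report["has_authenticode"]:
        flags.append("no Authenticode certificate table present")
    report["flags"] = flags
    return report


def build_sample_pe(section_names, timestamp):
    """Constructed, header-only PE32 image for testing the parser (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after DOS header
    opt_size = 224                                   # PE32 optional header with 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes; all entries zero
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0x60000020)
                    for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed input: one non-standard section, no certificate table, and the
# TimeDateStamp equal to the 2021-07-21 09:36:30 UTC value shown above.
SAMPLE = build_sample_pe([".text", ".rdata", ".xyz0"], 1626860190)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python3 triage.py suspect.exe` on a quarantined copy; with no argument it reports on the constructed sample. A sha256 match against the hash above is the only result that identifies this specific build; the section-name and certificate checks are generic hints that apply to any packed or unsigned binary and are not proof of malice on their own.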

Version Info:

CompanyName: CD Project Rekt
FileDescription: Pentesting utility
FileVersion: 3.5.5.2103
InternalName: Akagi
LegalCopyright: Copyright © 2014 - 2021 CD Project Rekt
OriginalFilename: Akagi.exe
ProductName: UACMe
ProductVersion: 3.5.5.2103
Translation: 0x0409 0x04b0

VirTool:Win32/ColorUAC.A!MTB also known as:

Lionic: Trojan.Win32.Marte.3!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.Trojan.Pass.Marte.A.5C9BE520
Skyhigh: BehavesLike.Win32.Dropper.dm
McAfee: GenericRXPA-KM!E5A75EF124D1
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Exploit.UAC.Win32.387
Sangfor: Hacktool.Win32.Uac.Vhrc
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.124d13
Arcabit: Generic.Trojan.Pass.Marte.A.5C9BE520
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/HackTool.UACMe.Y
ClamAV: Win.Tool.Ulise-10001984-0
Kaspersky: HEUR:Exploit.Win32.UAC.vho
BitDefender: Generic.Trojan.Pass.Marte.A.5C9BE520
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.11787eca
Emsisoft: Generic.Trojan.Pass.Marte.A.5C9BE520 (B)
F-Secure: Heuristic.HEUR/AGEN.1310507
VIPRE: Generic.Trojan.Pass.Marte.A.5C9BE520
TrendMicro: TROJ_GEN.R03BC0DBG24
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.e5a75ef124d13c43
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.HackTool
Jiangmin: Exploit.UAC.rz
Webroot: W32.Malware.Gen
Google: Detected
Avira: HEUR/AGEN.1310507
Varist: W32/ABRisk.XOET-9089
Antiy-AVL: Trojan/Win32.Generic
Kingsoft: win32.troj.undef.a
Microsoft: VirTool:Win32/ColorUAC.A!MTB
ZoneAlarm: HEUR:Exploit.Win32.UAC.vho
GData: Generic.Trojan.Pass.Marte.A.5C9BE520
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.UK.C4474157
VBA32: Exploit.UAC
ALYac: Generic.Trojan.Pass.Marte.A.5C9BE520
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R03BC0DBG24
Rising: Exploit.UAC!8.107CD (CLOUD)
Yandex: Riskware.UACMe!vVUvOuVrmk4
MaxSecure: Trojan.Malware.74667509.susgen
Fortinet: W32/UAC.VHO!exploit
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Exploit:Win/UACMe.Y

How to remove VirTool:Win32/ColorUAC.A!MTB?

VirTool:Win32/ColorUAC.A!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want and click “Reset”.
  • Restart your computer.

Quarantining the file removes the tool itself, not whatever was done with the elevated privileges it may have provided. If you did not place the file on the machine yourself, review the host for other unexpected changes, accounts or software before considering it clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
