VirTool:Win32/Injector.EU information

The VirTool:Win32/Injector.EU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VirTool:Win32/Injector.EU virus can do?

Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine VirTool:Win32/Injector.EU?


File Info:
name: 253D6EA203D8DA6B9EC7.mlw
path: /opt/CAPEv2/storage/binaries/fea89419bfacf517f199ea91c62d45d4ef9a0004151021153b18286fdde0fb50
crc32: DC9E0B3F
md5: 253d6ea203d8da6b9ec77c15ef0df50c
sha1: 5f11e4e50452f2eb4720df36da716f6faff0534a
sha256: fea89419bfacf517f199ea91c62d45d4ef9a0004151021153b18286fdde0fb50
sha512: 42c16697a23b5fecba88b230a49abca4f2907f4cf8c542c99fe973baa60ae6d12eaad08f53faca299dadadec626540840270d172f44645436671367bd777a1e6
ssdeep: 6144:Qt6IvnWb9jDXRdJzLmeWXLmuNUQTUhhaR21:QMI+b93BdJzSeWVTUhhaI1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13554D06FB210E028E6785AFE823F582441799CA976720C9831FCB72324AF557B73945F
sha3_384: f8a6b8f7d3163497f9d618440f3e66042ff90c6fa291db830e5bf87a44bc71c395ebf929ca95f5d6a538d319e6ab1763
ep_bytes: 558bec33c05dc3000000000000000000
timestamp: 2006-08-28 06:05:18

Version Info:
CompanyName: Intel Corporation
FileDescription: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
FileVersion: 15.6.1.2
InternalName: AmpPal-R3
LegalCopyright: Copyright © Intel Corporation 2013
OriginalFilename: BTHSAmpPalService.exe
ProductName: Intel® Centrino® Wireless Bluetooth® High Speed
ProductVersion: 15.6.1.0
Translation: 0x0400 0x04b0

VirTool:Win32/Injector.EU also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Panda.655
MicroWorld-eScan	Trojan.Lethic.Gen.7
FireEye	Generic.mg.253d6ea203d8da6b
CAT-QuickHeal	Trojan.Renos.PG
McAfee	PWSZbot-FZB!253D6EA203D8
Zillya	Trojan.Zbot.Win32.335
Sangfor	Trojan.Win32.Generic.ky
Alibaba	VirTool:Win32/Injector.2793d3e8
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
BitDefenderTheta	Gen:NN.ZexaF.34062.ru1@a8JR0Tki
Cyren	W32/Zbot.XRYQ-8892
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Zbot.AAQ
TrendMicro-HouseCall	TSPY_ZBOT.YUYFK
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Lethic.Gen.7
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Tencent	Win32.Trojan.Falsesign.Hoyn
Ad-Aware	Trojan.Lethic.Gen.7
Emsisoft	Trojan.Lethic.Gen.7 (B)
Comodo	TrojWare.Win32.Zbot.JN@61ymqf
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_ZBOT.YUYFK
McAfee-GW-Edition	PWSZbot-FZB!253D6EA203D8
Sophos	Mal/Generic-R + Troj/Zbot-IOM
Paloalto	generic.ml
GData	Trojan.Lethic.Gen.7
Jiangmin	Trojan.Generic.fhlyx
Webroot	W32.Malware.Gen
Avira	TR/Crypt.ZPACK.Gen9
Antiy-AVL	Trojan/Generic.ASMalwS.A784B9
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	VirTool:Win32/Injector.EU
Cynet	Malicious (score: 100)
AhnLab-V3	Spyware/Win32.Zbot.R110110
VBA32	BScope.Trojan.Betabot
ALYac	Trojan.Lethic.Gen.7
MAX	malware (ai score=88)
Cylance	Unsafe
APEX	Malicious
Yandex	TrojanSpy.Zbot!6aTHgmd2Ar4
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Kryptik.AHOB!tr
AVG	Win32:Malware-gen
Cybereason	malicious.203d8d
Panda	Trj/CI.A

How to remove VirTool:Win32/Injector.EU?

VirTool:Win32/Injector.EU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X