About "Win32/GenKryptik.ESRI" infection

The Win32/GenKryptik.ESRI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/GenKryptik.ESRI virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Uses Windows utilities for basic functionality
Sniffs keystrokes
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/GenKryptik.ESRI?


File Info:
crc32: 55E75D22
md5: d213c25eb7528fbc07f48fb9c151f0ed
name: D213C25EB7528FBC07F48FB9C151F0ED.mlw
sha1: 31238a41bd1c75344191476d2e9d0cdbbe209ad7
sha256: ababc29fccbf34ef3fbd7646a9f20635b97f749f849be02bd16d86e087be86a5
sha512: 0a3173bca5fff2c330434ea2f95815c1291ea71e4fec9c2a27cda1839d311c4148e751578a19e8d611e9d8577155b13c5d70e8981e84831550db294ed4a96d5d
ssdeep: 6144:YN2FKp7Q/Ks3FyQhQRrHoFN6WtljaJul+pw8T:s2kp7YFalHoFN6WtljaElI9T
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 1998
InternalName: MyPad
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: MyPad Application
ProductVersion: 1, 0, 0, 1
FileDescription: MyPad MFC Application
OriginalFilename: MyPad.EXE
Translation: 0x0409 0x04b0

Win32/GenKryptik.ESRI also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0057b02c1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader38.37318
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Rincux2
ALYac	DeepScan:Generic.Rincux2.7BEE49EF
Cylance	Unsafe
Zillya	Trojan.GenKryptik.Win32.84484
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Backdoor:Win32/Farfli.0232da9f
K7GW	Trojan ( 0057b02c1 )
Cybereason	malicious.eb7528
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.ESRI
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Farfli-9790741-0
Kaspersky	HEUR:Backdoor.Win32.Farfli.gen
BitDefender	DeepScan:Generic.Rincux2.7BEE49EF
NANO-Antivirus	Trojan.Win32.Farfli.iuhdwg
ViRobot	Trojan.Win32.Z.Farfli.647168.B
MicroWorld-eScan	DeepScan:Generic.Rincux2.7BEE49EF
Ad-Aware	DeepScan:Generic.Rincux2.7BEE49EF
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Magania.A@5wdy5u
BitDefenderTheta	Gen:NN.ZexaF.34690.Nq0@ae5qMJii
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.ZEGOST.SMAL02
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.d213c25eb7528fbc
Emsisoft	DeepScan:Generic.Rincux2.7BEE49EF (B)
Jiangmin	Backdoor.Farfli.eua
Avira	HEUR/AGEN.1142366
Microsoft	Trojan:Win32/Farfli.DSK!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa!s1
AegisLab	Trojan.Win32.DeepScan.4!c
GData	DeepScan:Generic.Rincux2.7BEE49EF
AhnLab-V3	Backdoor/Win.ZEGOST.C4430098
McAfee	GenericRXAA-AA!D213C25EB752
MAX	malware (ai score=84)
VBA32	Backdoor.Lotok
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	Backdoor.Win32.ZEGOST.SMAL02
Rising	Trojan.Kryptik!1.D241 (CLOUD)
Yandex	Trojan.GenKryptik!atMgb7KRYiw
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.73947863.susgen
Fortinet	W32/GenKryptik.EOZH!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml

How to remove Win32/GenKryptik.ESRI?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/GenKryptik.ESRI” infection