Win32/Injector.Autoit.FEX removal tips

Win32/Injector.Autoit.FEX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.Autoit.FEX virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time.
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of iSpy Keylogger
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
bot.whatismyipaddress.com

How to identify Win32/Injector.Autoit.FEX?

File Info:

crc32: DD25B74A
md5: 2221134c574484b4ce7b84f563e46c89
name: t.exe
sha1: 20d0522ad7b5e9963eb645d092158294b84c02f5
sha256: 1fd4ff17da4f952df4c8c6419d7f708c3edde65e81adb0e302f27067a4204bc5
sha512: 2e4414dcf19d9d02e983b16cdc134b471d000814614d845c798bbcef09937cfdfbb0504be53a9661dd40cedfca15080ba2f09e9f439aacf398a4f492c3c521a6
ssdeep: 24576:kCdxte/80jYLT3U1jfsWaBUKAm5a2xfhwEjogd7LcQRlYtZrG9CkgCb2pi4kyka:1w80cTsjkWaBUFIbHNjePIJ1Q9FRTN3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0

Win32/Injector.Autoit.FEX also known as:

MicroWorld-eScan: Trojan.AutoIT.Agent.AAJ
FireEye: Generic.mg.2221134c574484b4
McAfee: Artemis!2221134C5744
Malwarebytes: Spyware.HawkEyeKeyLogger
BitDefender: Trojan.AutoIT.Agent.AAJ
K7GW: Trojan ( 0056407f1 )
Cybereason: malicious.ad7b5e
Invincea: heuristic
F-Prot: W32/AutoIt.OH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
GData: Trojan.AutoIT.Agent.AAJ
Kaspersky: Trojan-Spy.MSIL.Heye.nv
Alibaba: Trojan:Win32/autoit.ali2000008
ViRobot: Trojan.Win32.Z.Autoit.1998336.A
AegisLab: Trojan.Win32.Generic.4!e
Avast: Script:SNH-gen [Trj]
Rising: Trojan.Obfus/Autoit!1.C045 (CLASSIC)
Endgame: malicious (high confidence)
Emsisoft: Trojan.AutoIT.Agent.AAJ (B)
F-Secure: Trojan.TR/Autoit.rssly
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
MaxSecure: Trojan.Malware.300983.susgen
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Injector
Cyren: W32/AutoIt.OH.gen!Eldorado
Webroot: W32.Trojan.Gen
Avira: TR/Autoit.rssly
MAX: malware (ai score=85)
Antiy-AVL: GrayWare/Autoit.BinToStr.a
Microsoft: Trojan:Win32/AgentTesla.PC!MTB
Arcabit: Trojan.AutoIT.Agent.AAJ
ZoneAlarm: Trojan-Spy.MSIL.Heye.nv
Acronis: suspicious
ESET-NOD32: a variant of Win32/Injector.Autoit.FEX
TrendMicro-HouseCall: TROJ_GEN.R002H01DB20
Tencent: Msil.Trojan-spy.Heye.Hnkr
eGambit: Unsafe.AI_Score_79%
Fortinet: AutoIt/Injector.FCS!tr
AVG: Script:SNH-gen [Trj]
Panda: Trj/CI.A
Qihoo-360: Generic/HEUR/QVM10.2.77C1.Malware.Gen

How to remove Win32/Injector.Autoit.FEX?

Win32/Injector.Autoit.FEX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.