About “Win32/Injector.CJVZ” infection

Win32/Injector.CJVZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the TRIAL period.
6-day free trial available.

What can the Win32/Injector.CJVZ virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Sniffs keystrokes
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Win32/Injector.CJVZ?

File Info:

crc32: 6564AD3E
md5: 07ea759401bfc4ba55d59fefab995d92
name: 07EA759401BFC4BA55D59FEFAB995D92.mlw
sha1: 70081a812190aaa077aa56221c6a5a275b753ea4
sha256: 7a3e252efd7d7ee15ed0215058c5fff5e0d47fe85dfa531be6b3e0eed62980d1
sha512: f33f0ae088664852d5aa4128b3bdc540116cc84a077879d7fa65f223a119a4d2dfe4dd792c2dfdd458dfcaaa666bf1e4006b9dba456a1e1bbef48d1ae5129e78
ssdeep: 3072:8Fl5/bccJiwqLwkLNojsygcYsPrcR0rCFM5gyGQ3LPWqNxh7Vac9hJGLtE:8zdHwwqLwkLNOPrw0raMRGQbPJNxhH9F
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有(C) 2020
InternalName: loader
FileVersion: 1, 0, 0, 1
CompanyName: yida
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: yida loader
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: loader
OriginalFilename: loader.dat
Translation: 0x0804 0x04b0

Win32/Injector.CJVZ also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 004d35321 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader35.10669
ClamAV: Win.Dropper.PoisonIvy-9876745-0
ALYac: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004d35321 )
Cybereason: malicious.401bfc
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.CJVZ
APEX: Malicious
Avast: Win32:FileinfectorX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: UDS:Backdoor.Win32.Farfli
BitDefender: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb
NANO-Antivirus: Trojan.Win32.Ardamax.cojase
MicroWorld-eScan: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb
Ad-Aware: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb
Comodo: Heur.Packed.MultiPacked@1z141z3
BitDefenderTheta: AI:Packer.76D2417E1F
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.cc
FireEye: Generic.mg.07ea759401bfc4ba
Emsisoft: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Farfli.edo
Avira: HEUR/AGEN.1110185
eGambit: Unsafe.AI_Score_94%
Microsoft: Trojan:Win32/Farfli.DSK!MTB
Gridinsoft: Malware.Win32.Gen.bot!se3406
Arcabit: Trojan.Heur.JP.E1EB8C
GData: Gen:Trojan.Heur.JP.lq1@aKWl5Hjb
AhnLab-V3: Win32/ExprPacked.suspicious
Acronis: suspicious
McAfee: Generic Malware.dq
MAX: malware (ai score=84)
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Generic@ML.97 (RDML:hfMhgoN3JtRbpRlvYRLYdQ)
Yandex: Trojan.GenAsa!h5z7SD0BGl0
Ikarus: Backdoor.Win32.Bifrose
Fortinet: W32/Generic.AC.235451!tr
AVG: Win32:FileinfectorX-gen [Trj]
Paloalto: generic.ml

How to remove Win32/Injector.CJVZ?

Win32/Injector.CJVZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.