About "Win32/Injector.ELIR" infection

The Win32/Injector.ELIR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.ELIR virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Expresses interest in specific running processes
Drops a binary and executes it
Attempts to mimic the file extension of a JPG image by having ‘jpg’ in the file name.
Executed a process and injected code into it, probably while unpacking
Code injection with CreateRemoteThread in a remote process
A process attempted to delay the analysis task by a long amount of time.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Operates on local firewall’s policies and settings
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

Bestza.wshells.ws

a.tomx.xyz

How to determine Win32/Injector.ELIR?


File Info:
crc32: 5695C91A
md5: 2f649bc7d6eab98800f5f1d873df4c00
name: image00619_jpg.exe
sha1: 9b19344e604be27c0f549fdaa436c8163c1b56d8
sha256: 57b229af418a66936d7399369a169ef82e211c3d5817d96c0072b226b3716186
sha512: bf33921767d16b885445c2f61f74059b6aab818ec0cf14a6b51e262f934b4bd10f0f3c23e1bf94852c7d193bb9e45d344813c229683cee18db871ad12cc87459
ssdeep: 12288:lbZqJ+db/pbUwTDvtqU+VPWZhBDKF/OGEw3upDqbGJG1i4lm:F4IzofNENJLKugq7
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Injector.ELIR also known as:

MicroWorld-eScan	Trojan.GenericKD.33608078
Qihoo-360	Generic/HEUR/QVM05.1.52F7.Malware.Gen
McAfee	Fareit-FRQ!2F649BC7D6EA
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.IRCbot.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005555ed1 )
BitDefender	Trojan.GenericKD.33608078
K7GW	Trojan ( 005555ed1 )
Cybereason	malicious.e604be
TrendMicro	TrojanSpy.Win32.LOKI.SMDF.hp
F-Prot	W32/Delf.AFP
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Trojan.GenericKD.33608078
Kaspersky	HEUR:Trojan.Win32.IRCbot.gen
Alibaba	Trojan:Win32/DelfInject.ali2000015
ViRobot	Trojan.Win32.Z.Injector.773120.B
Rising	Trojan.Injector!1.AFE3 (CLOUD)
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.33608078 (B)
DrWeb	Trojan.Siggen9.32898
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Fareit.bh
FireEye	Generic.mg.2f649bc7d6eab988
Sophos	Mal/Generic-S
Cyren	W32/Delf.UBBF-7540
Webroot	W32.Trojan.Gen
MAX	malware (ai score=89)
Arcabit	Trojan.Generic.D200D18E
ZoneAlarm	HEUR:Trojan.Win32.IRCbot.gen
Microsoft	Trojan:Win32/Lokibot.ART!MTB
AhnLab-V3	Suspicious/Win.Delphiless.X2059
Acronis	suspicious
VBA32	Trojan.Lokibot
ALYac	Trojan.GenericKD.33608078
Ad-Aware	Trojan.GenericKD.33608078
Malwarebytes	Trojan.MalPack.DLF
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Injector.ELIR
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SMDF.hp
Tencent	Win32.Trojan.Ircbot.Htwe
SentinelOne	DFI – Suspicious PE
eGambit	Unsafe.AI_Score_97%
Fortinet	W32/Injector.EESQ!tr
BitDefenderTheta	Gen:NN.ZelphiF.34104.VGW@aWad32ni
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Win32/Injector.ELIR?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/Injector.ELIR” infection