Should I remove “Win32/Injector.EMNR”?

Win32/Injector.EMNR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.EMNR virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Win32/Injector.EMNR?

File Info:

name: fontdrchost.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Injector.EMNR is also known as:

MicroWorld-eScan: Trojan.Delf.FareIt.Gen.7
FireEye: Generic.mg.411ec5dae3e09031
McAfee: Fareit-FTB!411EC5DAE3E0
Cylance: Unsafe
BitDefender: Trojan.Delf.FareIt.Gen.7
Cybereason: malicious.b3cc86
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZelphiF.34130.BHW@aGqJ@eii
F-Prot: W32/Injector.ABY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
GData: Trojan.Delf.FareIt.Gen.7
Ad-Aware: Trojan.Delf.FareIt.Gen.7
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.Delf.FareIt.Gen.7 (B)
SentinelOne: DFI – Suspicious PE
Cyren: W32/Injector.ABY.gen!Eldorado
Endgame: malicious (high confidence)
Arcabit: Trojan.Delf.FareIt.Gen.7
Microsoft: Trojan:Win32/Wacatac.C!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Suspicious/Win.Delphiless.X2084
ALYac: Trojan.Delf.FareIt.Gen.7
APEX: Malicious
ESET-NOD32: a variant of Win32/Injector.EMNR
Rising: Trojan.Injector!8.C4 (TFE:dGZlOgVjj4VUPpd7Gg)
MAX: malware (ai score=86)
eGambit: Unsafe.AI_Score_87%
Fortinet: W32/Injector.EMNU!tr
AVG: FileRepMalware
Qihoo-360: HEUR/QVM05.1.4C1B.Malware.Gen

How to remove Win32/Injector.EMNR?

Win32/Injector.EMNR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
