Win32/Injector.EOIX removal guide

Win32/Injector.EOIX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.EOIX virus do?

  • Executable code extraction
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:32767, 127.0.0.1:32768
  • A process created a hidden window
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • Looks up the external IP address
  • Queries information on disks, possibly for anti-virtualization
  • Sniffs keystrokes
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
api.ipify.org
time-a.nist.gov
time-a-g.nist.gov
time.nist.gov

How to determine Win32/Injector.EOIX?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Injector.EOIX also known as:

K7AntiVirus: Trojan ( 005784cf1 )
Lionic: Trojan.Win32.Safebits.b!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Proxy2.1804
ClamAV: Win.Dropper.Bunitu-9827175-0
CAT-QuickHeal: Trojan.WacatacIH.S18390559
ALYac: Gen:Heur.Mint.Titirez.pHX@belTxXmc
Cylance: Unsafe
Zillya: Trojan.Qshell.Win32.178
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/Qakbot.78326c47
K7GW: Trojan ( 005784cf1 )
Cybereason: malicious.7abe62
Cyren: W32/Trojan.PBSS-1126
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EOIX
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan-Dropper.Win32.Safebits.gen
BitDefender: Gen:Heur.Mint.Titirez.pHX@belTxXmc
NANO-Antivirus: Trojan.Win32.Convagent.iirqpx
MicroWorld-eScan: Gen:Heur.Mint.Titirez.pHX@belTxXmc
Tencent: Malware.Win32.Gencirc.10ce38c9
Ad-Aware: Gen:Heur.Mint.Titirez.pHX@belTxXmc
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Autorun.tm
FireEye: Generic.mg.3719c2d7abe621d2
Emsisoft: Gen:Heur.Mint.Titirez.pHX@belTxXmc (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Kryptik.avvnn
Microsoft: Trojan:Win32/Qakbot.GKM!MTB
GData: Gen:Heur.Mint.Titirez.pHX@belTxXmc
AhnLab-V3: Malware/Gen.Reputation.C4314744
McAfee: GenericRXPW-UN!3719C2D7ABE6
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Bsymem
Malwarebytes: Malware.AI.799113115
Panda: Trj/CI.A
Rising: Dropper.Agent!1.D1ED (CLASSIC)
Yandex: Trojan.Convagent!Wq/ExCpgPwY
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Kryptik.EPIZ!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Win32/Injector.EOIX?

Win32/Injector.EOIX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
