Malware

Should I remove “Win32/Injector.XYG”?

Malware Removal

Win32/Injector.XYG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.XYG virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify Win32/Injector.XYG?

File Info:

name: F193DAEF24938A523750.mlw
path: /opt/CAPEv2/storage/binaries/8164d0192e846257f77e4a8b600a30992c5631e395145abb75a8aafe78c6e8c8
crc32: F6DBF8C4
md5: f193daef24938a5237504498d03f3157
sha1: e715c7bcb4cdc6384bf0f83a900ac44d853cfd6e
sha256: 8164d0192e846257f77e4a8b600a30992c5631e395145abb75a8aafe78c6e8c8
sha512: a7110b1f7c443d4297fda1f2f366a60b10825e8588923446c466829e05a5ee516649fced5f47dd02ab7da6f511f3f713d06bab0291288b05d2a811135b79e090
ssdeep: 3072:sIjYWOyhB/aYQxwca9EjmAa5MAWKC35AJU0Km4xZqMTwAeK2JjXB:sIqs/gwcaejy+l58U0KeUZbSjx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T151141252D5575CF6D98E1FFCC8E5B72C5B7E7FA25CA1C4F8CC810D89A41930029A8AB4
sha3_384: 88081a3d81ff8b3ff2a549637011b774c18e831e6a64986a1424588ff7ad7421b45f8c99e4a81313b7760914b0ebc8a2
ep_bytes: 558bec83c4f0b868424000e8e4f3ffff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: ICQ, LLC.
FileDescription: ICQ
FileVersion: 7.8.0.6800
InternalName: ICQ
LegalCopyright: Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks:
OriginalFilename: ICQ.exe
ProductName: ICQ
ProductVersion: 7.8.0.6800
DistId: 30015
Translation: 0x0409 0x04b0

Win32/Injector.XYG also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.lzwQ
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.5142
FireEye: Generic.mg.f193daef24938a52
McAfee: PWS-Zbot.gen.aow
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Trojan.Win32.Generic.ky
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: VirTool:Win32/Obfuscator.9da87a4a
K7GW: Trojan ( 0040f2c31 )
K7AntiVirus: Trojan ( 0040f2c31 )
VirIT: Trojan.Win32.Panda.DOJ
Cyren: W32/Trojan.SZMN-8919
Symantec: Packed.Generic.392
ESET-NOD32: a variant of Win32/Injector.XYG
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-62335
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.5142
NANO-Antivirus: Trojan.Win32.DownLoad3.dglgqt
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:Crypt-OAW [Trj]
Tencent: Malware.Win32.Gencirc.114c0a14
Ad-Aware: Gen:Variant.Symmi.5142
Emsisoft: Gen:Variant.Symmi.5142 (B)
Comodo: TrojWare.Win32.Kryptik.NEWA@4rfpbi
DrWeb: Trojan.PWS.Panda.2401
VIPRE: Trojan.Win32.Ransomware.B (v)
TrendMicro: TSPY_ZBOT.SM16
McAfee-GW-Edition: PWS-Zbot.gen.aow
Sophos: Mal/Generic-R + Mal/EncPk-AGD
Ikarus: Trojan-PWS.Win32.Zbot
GData: Gen:Variant.Symmi.5142
Jiangmin: Trojan.Generic.dxcov
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.Gen8
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Arcabit: Trojan.Symmi.D1416
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!CI
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R41152
BitDefenderTheta: Gen:NN.ZelphiF.34212.mG1@a8AZC3ci
ALYac: Gen:Variant.Symmi.5142
VBA32: Malware-Cryptor.Inject.gen
Cylance: Unsafe
TrendMicro-HouseCall: TSPY_ZBOT.SM16
Rising: Trojan.Crypto!8.364 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Injector.WCT!tr
AVG: Win32:Crypt-OAW [Trj]
Cybereason: malicious.f24938
Panda: Trj/Velphi.b

How to remove Win32/Injector.XYG?

Win32/Injector.XYG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.