Categories: Malware

Win32/Kryptik.GHAE removal guide

The Win32/Kryptik.GHAE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GHAE virus can do?

Executable code extraction
Creates RWX memory
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

How to determine Win32/Kryptik.GHAE?


File Info:
crc32: 4EAEA989md5: dcb90edf37aaca0c2e6f8685e6b702acname: DCB90EDF37AACA0C2E6F8685E6B702AC.mlwsha1: 19790869d2c7eb859832cbed214feb8feebc8159sha256: c28ae00f6f5d01b34ecb05255dfa25275955d34cd0ff07129d077f166cbd49cfsha512: c402faac6827cad323bbe9248ac2820d848280f93ddfb8804a79ef0c2e06fca7cc3cbd383e3f5f080555b3a923bf6244a509119136c176a1992b7f1809927e63ssdeep: 6144:O3+FWMOvqGKgtAqlMyATIqjHbifnM9bvd3vYT+yX8mQo0xTOnIXkzj3W574Og:goQAqlMyATV7Z9bgPzjmZgtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: xa9. All rights reserved. MoCo MediaInternalName: Occurring DonnellyFileVersion: 3.3.98.3CompanyName: MoCo MediaProductName: Occurring DonnellyLanguages: EnglishProductVersion: 3.3.98.3FileDescription: Games Purchases SimplyTranslation: 0x0409 0x04b0

Win32/Kryptik.GHAE also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 005327ff1 )
Lionic	Trojan.Win32.Yakes.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.3953
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Johnnie.101217
Cylance	Unsafe
Sangfor	Trojan.Win32.Yakes.wkgc
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/Yakes.c5abcf5c
K7GW	Trojan ( 005327ff1 )
Cybereason	malicious.f37aac
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Kryptik.GHAE
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Packer.MalwareCrypter-6620810-1
Kaspersky	Trojan.Win32.Yakes.wkgc
BitDefender	Gen:Variant.Johnnie.101217
NANO-Antivirus	Trojan.Win32.Yakes.fctsaz
MicroWorld-eScan	Gen:Variant.Johnnie.101217
Tencent	Win32.Trojan.Yakes.Wvav
Ad-Aware	Gen:Variant.Johnnie.101217
Comodo	Malware@#iv71adhiqldd
BitDefenderTheta	Gen:NN.ZexaF.34058.Cq0@aSbNWObi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CRYSIS.THGBCAH
FireEye	Generic.mg.dcb90edf37aaca0c
Emsisoft	Gen:Variant.Johnnie.101217 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1129572
eGambit	Unsafe.AI_Score_99%
Microsoft	Ransom:Win32/Genasom
GData	Gen:Variant.Johnnie.101217
AhnLab-V3	Malware/Win32.Generic.C2540995
Acronis	suspicious
McAfee	RDN/Ransom
MAX	malware (ai score=97)
VBA32	Trojan.Yakes
Malwarebytes	MachineLearning/Anomalous.95%
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_CRYSIS.THGBCAH
Yandex	Trojan.Yakes!8d5BDmMJfEg
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Yakes.GHAE!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Botnet.Yakes.HgIASOcA