How to remove “Win32/Kryptik.GVUT”?

Win32/Kryptik.GVUT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GVUT virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the TrickBot malware family

How to identify Win32/Kryptik.GVUT?


File Info:

name: 36156348542368EB0808.mlw
path: /opt/CAPEv2/storage/binaries/faea0f472cc2d51635fd93d6dfaf1890f3453c629672f27bf75b7b5df49f912f
crc32: C5AC248B
md5: 36156348542368eb0808e9766dbcc201
sha1: 8e3578447d2c52397d40282182949d24a4cf91bb
sha256: faea0f472cc2d51635fd93d6dfaf1890f3453c629672f27bf75b7b5df49f912f
sha512: a9cbae57eb3bd7fba3bdc74f6b14cafb8623c30d4ff1868a714eb0104ef3f8efc13dc42347ec14c86e8cf94af51652487d5529863a5b43397f334c0879d6b426
ssdeep: 12288:8/qBzgkglHBQd2AhjrSgjclpfweaiWuI5IJPK44Sl09JoVrY3ls:8/qqkgxBQdfgmcPfQiWZ5IJx4z/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC052969A3434464E7828E34547FC066CB09BD642B634BFBAD847E06123E5BAB31D773
sha3_384: cf3e61bd0f13787c08531955273e0d3d05e326f9adc785c35a7cd4efcdd5024bd25fa667f71f48b8a582d5014c3e1b60
ep_bytes: e87f680000e989feffff8bff558bec8b
timestamp: 2011-08-20 09:25:12

Version Info:

Comments: http://www.villageandanimalcapital.com
CompanyName: Wordfor Oceanhouse Media
FileDescription: Wideminute
FileVersion: 8.8.74.81
InternalName: Wideminute
LegalCopyright: Copyright © 2008-2013 Sleeproom
OriginalFilename: Wideminute
ProductName: Wideminute
ProductVersion: 8.8.74.81
Translation: 0x0409 0x04e4

Win32/Kryptik.GVUT is also known as:

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zard.53
FireEye: Generic.mg.36156348542368eb
ALYac: Gen:Heur.Mint.Zard.53
Malwarebytes: Trojan.Dropper
K7AntiVirus: Trojan ( 005567161 )
Alibaba: Trojan:Win32/Yakes.0473db5c
K7GW: Trojan ( 005567161 )
Cybereason: malicious.854236
BitDefenderTheta: Gen:NN.ZexaF.34212.Xq0@a00CMJki
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GVUT
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Yakes.yzbw
BitDefender: Gen:Heur.Mint.Zard.53
NANO-Antivirus: Trojan.Win32.Yakes.fwhdib
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Yakes.Lhmz
Ad-Aware: Gen:Heur.Mint.Zard.53
Sophos: Mal/Generic-S + Mal/EncPk-AOY
DrWeb: Trojan.Inject3.23491
TrendMicro: TROJ_GEN.R002C0RB222
McAfee-GW-Edition: BehavesLike.Win32.Trojan.bh
Emsisoft: Gen:Heur.Mint.Zard.53 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1229085
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.2C42BD2
Arcabit: Trojan.Mint.Zard.53
ViRobot: Trojan.Win32.Z.Mint.817664.A
ZoneAlarm: Trojan.Win32.Yakes.yzbw
GData: Gen:Heur.Mint.Zard.53
AhnLab-V3: Malware/Win32.Generic.C3445750
Acronis: suspicious
VBA32: Trojan.Yakes
TrendMicro-HouseCall: TROJ_GEN.R002C0RB222
Rising: Trojan.Generic@AI.82 (RDML:VMbaTEn33rljx0a7vjKhcw)
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.74512162.susgen
Fortinet: W32/Gozi.GET!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.GVUT?

Win32/Kryptik.GVUT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
