Categories: Malware

Win32/Kryptik.HCVP removal instruction

The Win32/Kryptik.HCVP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HCVP virus can do?

Executable code extraction
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Sniffs keystrokes
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

How to determine Win32/Kryptik.HCVP?


File Info:
crc32: CC44C616md5: 3b5d6ab1484421a45de92232d52a0157name: wininit.exesha1: bea53e9d3ce5eb229529ee6ab8ee920a2dbb0925sha256: 95f38fde0a961731d73aff5ab9a90127eb7a5abac0134324846347f33de5699csha512: 20d8b549d4ada17a02ccfd6f9eeb07c85d475cb341445e69e86db489fe3c314f16df09bf9fcb8d755742e68fbcbaf05cf441c2d1ff9a97f3d7e4c59a17806dd7ssdeep: 1536:Wnyw5KZgvmRizK77LkLOG5hCC2RAUalraU1sd+h:WnigeKCECWGAUaRN1ptype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: ? Microsoft Corporation. All rights reserved.InternalName: WinInitFileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)CompanyName: Microsoft CorporationLegalTrademarks: ProductName: Microsoft? Windows? Operating SystemProductVersion: 6.1.7600.16385FileDescription: Windows x670dx52a1x4e3bx8fdbx7a0bOriginalFilename: WinInit.exeTranslation: 0x0804 0x04b0

Win32/Kryptik.HCVP also known as:

MicroWorld-eScan	Gen:Variant.Hiloti.2
FireEye	Generic.mg.3b5d6ab1484421a4
Qihoo-360	Generic/HEUR/QVM07.1.0ED8.Malware.Gen
McAfee	GenericRXKK-OH!3B5D6AB14844
Sangfor	Malware
K7AntiVirus	Backdoor ( 0056548f1 )
BitDefender	Gen:Variant.Hiloti.2
K7GW	Backdoor ( 0056548f1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZexaF.34122.fq0@aC0R9Nkb
Symantec	ML.Attribute.HighConfidence
GData	Gen:Variant.Hiloti.2
Tencent	Malware.Win32.Gencirc.114d394d
Ad-Aware	Gen:Variant.Hiloti.2
Zillya	Trojan.Lotok.Win32.32
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.mh
SentinelOne	DFI – Suspicious PE
Emsisoft	Gen:Variant.Hiloti.2 (B)
APEX	Malicious
Antiy-AVL	Trojan[Backdoor]/Win32.Zegost
Endgame	malicious (high confidence)
Arcabit	Trojan.Hiloti.2
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:Win32/Zegost.BW
Acronis	suspicious
VBA32	BScope.Backdoor.Zegost
ALYac	Gen:Variant.Hiloti.2
MAX	malware (ai score=85)
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HCVP
Rising	Trojan.Kryptik!1.AAD1 (CLOUD)
Ikarus	Backdoor.Win32.Zegost
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenKryptik.EIEY!tr
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.148442
Avast	Win32:BackdoorX-gen [Trj]