Win32/MorganCatering.A potentially unwanted removal guide

Win32/MorganCatering.A is a potentially unwanted application that many security experts consider dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/MorganCatering.A potentially unwanted virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/MorganCatering.A potentially unwanted?


File Info:

name: 2921FB5B5991DF7B33F6.mlw
path: /opt/CAPEv2/storage/binaries/1f90b1c830c9a45e666f70f47ae67e8836b7b005b292ea816eb03ba2aa4bfb7f
crc32: 81A4B991
md5: 2921fb5b5991df7b33f66451dee4fb91
sha1: 6cfa8f3f08589c81ab5d9bcb664621cf64bbd629
sha256: 1f90b1c830c9a45e666f70f47ae67e8836b7b005b292ea816eb03ba2aa4bfb7f
sha512: c2fa709c6d9ea0812691c1aeab66898c3b9aea68996b6ccc6270cda3166c893b0fa7a6d1a66a25fb81fca1c1c3be2468af7587c99ee96cfb07dde5b5f16a784b
ssdeep: 98304:n1QTo0nhpz1HtUQUh6iSl7OZp9hbMmGT4QFlDF2zFwf3O+ZUec44pWcdurc/h/pX:1wnU9hZ0O3IOglF2JwPSuQpnDTRv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19066121672D4AA2AC4592F3301E3D07069B7EE59E923A9CE36E4FC4BFB721800D395D5
sha3_384: c56557d12b9ec67afbfa10407efd8dce464d4f88ac76602d4ab23359c2709ccd0fc19a22b2fd1a44ee23db3b5d8e50c6
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-10-12 11:15:57

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: ГТА Сан Андреас Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: ГТА Сан Андреас
ProductVersion: 0.0.0.1
Translation: 0x0000 0x04b0

Win32/MorganCatering.A potentially unwanted is also known as:

Skyhigh: Artemis
McAfee: Artemis!2921FB5B5991
Malwarebytes: PUP.Optional.BundleInstaller
K7AntiVirus: Adware ( 005ad2df1 )
K7GW: Adware ( 005ad2df1 )
ESET-NOD32: Win32/MorganCatering.A potentially unwanted
DrWeb: Adware.Downware.20520
Webroot: W32.Malware.Gen
Cylance: unsafe
Fortinet: Riskware/MorganCatering
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Win32/MorganCatering.A potentially unwanted?

Win32/MorganCatering.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
