
Win32/Packed.AutoIt.LC removal guide


Win32/Packed.AutoIt.LC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Win32/Packed.AutoIt.LC virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • QuilMiner network artifacts detected
  • Network activity contains more than one unique useragent.
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Accessed credential storage registry keys
  • Harvests cookies for information gathering

How to identify Win32/Packed.AutoIt.LC?

File Info:

name: 889DBEBB2D383BA5FDA8.mlw
path: /opt/CAPEv2/storage/binaries/74b68eec64f63225e2e86c123e1b220914d80082dd4ce8ba6d4ae8bd4e8b221c
crc32: BE057941
md5: 889dbebb2d383ba5fda8b84254b45ef5
sha1: f301b78b4caf00a85123c1d4c3acda16254b0f72
sha256: 74b68eec64f63225e2e86c123e1b220914d80082dd4ce8ba6d4ae8bd4e8b221c
sha512: 2177093c28919a53bf4909702abdfa87fc673bdd700b8ea85074f455e3ecc2f38469428216e5be3e50e452d9c68579447805eb7448b0a0d9ff494f6715f8bcba
ssdeep: 24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaDEd88CNFfI6T+qSyBAmoRm/5:dh+ZkldoPK8YaD+ZCrnTrSy+S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17045BD0273D5C036FFAB92739B6AF20556BD7D254123892F13981DB9BC701B2263E663
sha3_384: 8c895020dde5f7c94986379ea4be75d984d97ce828ac5b797b4a223d0285bad11d84af23c50c72b34a77a4aafca551a4
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-01-26 07:13:34

Version Info:

Comments: orkCTwo9tGPbKKVdDae3ETovcG5qOfmh19oHKo2Yv6i7224Sns31R9c8LC99qbaBpdTVKpd8WpB5tIccmITSY5nrwEPmDMLqGO
CompanyName: Home Networking Monitor DLL
FileDescription: Simplified Chinese Word Breaker
FileVersion: 9.8.5.7
InternalName: setx.exe
LegalCopyright: (C) A4NA7F72HnUUA7yryT2CTEvlMetNuYyqIIT74MHi1hcw9U Technology Co. Ltd., All rights reserved.
OriginalFilename: setx.exe
ProductVersion: 9.8.5.7
Translation: 0x0809 0x04b0

Win32/Packed.AutoIt.LC also known as:

  • Bkav: W32.AIDetect.malware1
  • Lionic: Hacktool.Win32.Gamehack.3!e
  • DrWeb: Trojan.DownLoader27.26515
  • MicroWorld-eScan: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi
  • FireEye: Generic.mg.889dbebb2d383ba5
  • McAfee: Artemis!889DBEBB2D38
  • Cylance: Unsafe
  • K7AntiVirus: Trojan ( 005451ab1 )
  • Alibaba: Malware:Win32/km_2c67698.None
  • K7GW: Trojan ( 005451ab1 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Cyren: W32/AutoIt.RF.gen!Eldorado
  • Symantec: PUA.Gen.2
  • ESET-NOD32: a variant of Win32/Packed.AutoIt.LC
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:RiskTool.Win32.BitCoinMiner.jwpz
  • BitDefender: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi
  • NANO-Antivirus: Trojan.Win32.Dwn.fmmecn
  • Avast: FileRepMalware
  • Tencent: Win32.Trojan.Generic.Ecav
  • Ad-Aware: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi
  • Comodo: Malware@#edsmeig5pvun
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
  • Emsisoft: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi (B)
  • MaxSecure: Trojan.Malware.1726719.susgen
  • Avira: HEUR/AGEN.1100133
  • MAX: malware (ai score=99)
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Occamy.C74
  • GData: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Gen.Generic.C2980508
  • ALYac: Gen:Trojan.Heur.AutoIT.17lv0@ae1jgVbi
  • Malwarebytes: Trojan.BitCoinMiner.AutoIt
  • APEX: Malicious
  • Rising: Trojan.Obfus/Autoit!1.BD86 (CLASSIC)
  • Ikarus: Trojan.Win32.Autoit
  • eGambit: Unsafe.AI_Score_98%
  • Fortinet: W32/PossibleThreat
  • Webroot: W32.Trojan.Gen
  • AVG: FileRepMalware
  • Cybereason: malicious.b2d383
  • Panda: Trj/Genetic.gen

How to remove Win32/Packed.AutoIt.LC?

Win32/Packed.AutoIt.LC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
