How to remove “Win32/Packed.CAB.U suspicious”?

Many security experts consider Win32/Packed.CAB.U suspicious dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.CAB.U suspicious virus do?

  • Presents an Authenticode digital signature
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
nnePzDrgAPdZbWC.nnePzDrgAPdZbWC

How to identify Win32/Packed.CAB.U suspicious?


File Info:

crc32: E35A9193
md5: 51c71057ac7bbd45820453317b7733b0
name: 51C71057AC7BBD45820453317B7733B0.mlw
sha1: c0545c98f74ea6b5bd2172fcdddd61f11fe47f12
sha256: 68336985ff83a119d84741d2bc5aca54c513437620b1b553bc50efac266a5dff
sha512: 02e9a6ad1f02a18017f886f92c04555554e46fe849d5654767872b81239bac2625e3d4acd0c949e11e40bf930ac7664fb3cf000b965c3fa1f0ced06caf0819e4
ssdeep: 24576:/GWafEvheRN/kySSKZV0QNVOqXwhz7IpBn3DbwbpYiTwwtzMp5Hk+lSKMiBfS3/p:cfYcni1S7IpFwbpYiT62ie/PPk5fXWN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Hxsukak
FileVersion: 2.17.9959.33779 (shyutwv_akr.300516-3943)
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
ProductVersion: 2.17.9959.33779
FileDescription: Lld47 Zkpfeop Alkpbmyuah
OriginalFilename: YZGJWAU.EXE .ZIJ
Translation: 0x0409 0x04b0

Win32/Packed.CAB.U suspicious also known as:

Qihoo-360: Win32/Trojan.Generic.HxQBC8AA
Sangfor: Malware
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.CAB.U suspicious
APEX: Malicious
Avast: FileRepMetagen [Malware]
Kaspersky: Trojan.Win32.Alien.lgr
AegisLab: Trojan.Win32.Alien.4!c
Comodo: Malware@#1tm8bc2t22dmm
DrWeb: Program.Unwanted.2520
TrendMicro: TROJ_FRS.VSNTB421
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Webroot: W32.Trojan.Gen
Microsoft: Trojan:Win32/Woreflint.A!cl
Gridinsoft: Trojan.Win32.Dropper.oa
ZoneAlarm: Trojan.Win32.Alien.lgr
GData: Win32.Application.iObit.B
Cynet: Malicious (score: 100)
McAfee: Artemis!51C71057AC7B
Malwarebytes: Trojan.Dropper.WXT.Generic
Panda: Trj/Agent.ALS
TrendMicro-HouseCall: TROJ_FRS.VSNTB421
Rising: Dropper.Certutil!1.D0D0 (CLASSIC)
Ikarus: Trojan.Barys
eGambit: PE.Heur.InvalidSig
Fortinet: Riskware/Alien
AVG: FileRepMetagen [Malware]

How to remove Win32/Packed.CAB.U suspicious?

Win32/Packed.CAB.U suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
