What is “Win32/TrojanDownloader.Tovkater.BC”?

Win32/TrojanDownloader.Tovkater.BC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Tovkater.BC virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:

combinatorial.respection.ru
ec2-34-253-187-85.eu-west-1.compute.amazonaws.com
www.bing.com

How to determine Win32/TrojanDownloader.Tovkater.BC?

File Info:

crc32: 6126D1EE
md5: b287d6b92ee063bf9f3837d5ac4ee793
name: B287D6B92EE063BF9F3837D5AC4EE793.mlw
sha1: 81e93adda36a0dc3a68ce1baf61c42d36556ae1e
sha256: f8f798ab8d398c553ab67eff0587bffc536761d2426071d9909d8fc36a12ff59
sha512: 608a1bef8f5c025d0ecfc06a3b4fb4c948131be528e914b15eb87488aae4eb17cb9936f2d8fe0a258d105848cd81ba774021d0ffc072121f0ea5aa72763799ec
ssdeep: 3072:n0EZ+wwS5NceM/vuVXHEL4XRBcfopGthHe3ww5O:0En5NceM/0XHxh+cy+3wUO
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2017
InternalName: preloade.exe
FileVersion: 1.0.0.1
CompanyName: TODO:
ProductName: TODO:
ProductVersion: 1.0.0.1
FileDescription: TODO:
OriginalFilename: preloade.exe
Translation: 0x0419 0x04b0

Win32/TrojanDownloader.Tovkater.BC also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.CJGK
FireEye: Generic.mg.b287d6b92ee063bf
CAT-QuickHeal: Adware.Dataric.A5
Qihoo-360: Win32/Virus.Adware.b51
ALYac: Trojan.Agent.CJGK
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan-Downloader ( 00511f9c1 )
BitDefender: Trojan.Agent.CJGK
K7GW: Trojan-Downloader ( 00511f9c1 )
Cybereason: malicious.92ee06
BitDefenderTheta: Gen:NN.ZexaF.34804.Sv2@aatBr4gQ
Cyren: W32/S-dbbbd1da!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/TrojanDownloader.Tovkater.BC
APEX: Malicious
Avast: FileRepMetagen [Malware]
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
NANO-Antivirus: Trojan.Win32.Amonetize.equodm
Tencent: Malware.Win32.Gencirc.10b45702
Ad-Aware: Trojan.Agent.CJGK
Emsisoft: Trojan.Agent.CJGK (B)
Comodo: Application.Win32.InstallMonster.FU@75j8fl
F-Secure: Heuristic.HEUR/AGEN.1115396
DrWeb: Trojan.DownLoader25.6853
Zillya: Downloader.Tovkater.Win32.196
TrendMicro: HT_TOVKATER_GG3108B9.UVPM
McAfee-GW-Edition: Downloader-FBPE!B287D6B92EE0
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDownloader.Generic.awkr
Avira: HEUR/AGEN.1115396
MAX: malware (ai score=81)
Antiy-AVL: GrayWare[AdWare]/Win32.TOVus
Microsoft: SoftwareBundler:Win32/InstallMonster
Arcabit: Trojan.Agent.CJGK
SUPERAntiSpyware: PUP.Downloader/Variant
AhnLab-V3: PUP/Win32.Amonetize.R204211
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Generic
GData: Trojan.Agent.CJGK
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Downloader-FBPE!B287D6B92EE0
TACHYON: Trojan/W32.Agent.1780736.U
VBA32: Trojan.Downloader
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: HT_TOVKATER_GG3108B9.UVPM
Rising: Downloader.Tovkater!1.ABF6 (CLASSIC)
Yandex: Trojan.GenAsa!Hs2LmqSPd+w
Ikarus: Trojan-Downloader.Win32.Tovkater
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Tovkater.BG!tr.dldr
AVG: FileRepMetagen [Malware]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Win.MxResIcn.Heur.Gen

How to remove Win32/TrojanDownloader.Tovkater.BC?

Win32/TrojanDownloader.Tovkater.BC removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.