How to remove “Win32:Alureon-ATI [Trj]”?

The Win32:Alureon-ATI [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Alureon-ATI [Trj] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32:Alureon-ATI [Trj]?

File Info:

name: 2A83118A772225DE3396.mlw
path: /opt/CAPEv2/storage/binaries/d006cc50725834d62e2f56844422b19ad7022f38c31f94cbec1c2260358df061
crc32: C933ACBF
md5: 2a83118a772225de3396617dacb150e6
sha1: 961d6f35029dded014728160d764fecffd4955cf
sha256: d006cc50725834d62e2f56844422b19ad7022f38c31f94cbec1c2260358df061
sha512: d09d419b056b0942cfd6a22e0a2c274c15b5886f5389165fc872073f7183f4ac80a54bf313dff9d59391c4836c80263c74bebe08012b19e28f7fc1d0e1bd5fb0
ssdeep: 6144:grynLacGLNKLum62RdYdR3XK4kgGn07SPxBl6OfqHjSKC6k541z:m0LrGLNKLumz0v3a4kln0eZ76OfRr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F2946B027795E0F6C18212704E469F3631B2FEA45BA166CBB3C43E6D2F317C51A36B96
sha3_384: 0dc2c3fe6173c97269cf6e3d4f81f287fd65c46fb8309ff5f10f34eb446040cbfa7f6cf0b2683b8a952f45467c97abfa
ep_bytes: 6a6068f0274500e84e120000bf940000
timestamp: 2011-01-18 14:34:37

Version Info:

FileVersion: 1.0.0.56
ProductVersion: 1.0.0.56
Translation: 0x0804 0x03a8

Win32:Alureon-ATI [Trj] also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.OnlineGames.5
  • FireEye: Generic.mg.2a83118a772225de
  • CAT-QuickHeal: Trojan.GenericRI.S23701459
  • McAfee: StartPage-NH.a
  • Cylance: Unsafe
  • Zillya: Trojan.OnLineGames.Win32.81347
  • K7AntiVirus: Trojan ( 001cac2a1 )
  • K7GW: Trojan ( 001cac2a1 )
  • Cybereason: malicious.a77222
  • Baidu: Win32.Trojan.BHO.n
  • Cyren: W32/FakeGame.B.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/BHO.OBT
  • APEX: Malicious
  • ClamAV: Win.Trojan.OnlineGames-65
  • Kaspersky: Trojan-Downloader.Win32.Gamup.qht
  • BitDefender: Gen:Variant.OnlineGames.5
  • NANO-Antivirus: Trojan.Win32.OnLineGames.cqsvl
  • Avast: Win32:Alureon-ATI [Trj]
  • Rising: Trojan.Win32.StartPage.qgi (CLASSIC)
  • Ad-Aware: Gen:Variant.OnlineGames.5
  • Sophos: ML/PE-A + Troj/Darbyen-A
  • Comodo: TrojWare.Win32.BHO.EFKMNB@4ok0yf
  • DrWeb: Trojan.PWS.Wsgame.28040
  • VIPRE: Trojan.Win32.Darbyen.A (v) (not malicious)
  • TrendMicro: TROJ_STARTP.SML2
  • McAfee-GW-Edition: BehavesLike.Win32.StartPage.gh
  • Emsisoft: Gen:Variant.OnlineGames.5 (B)
  • Ikarus: Trojan-Downloader.Win32.Gamup
  • GData: Gen:Variant.OnlineGames.5
  • Jiangmin: Trojan/PSW.OnLineGames.cdtc
  • Webroot: W32.InfoStealer.OnlineGames.Gen
  • Avira: TR/BHO.efkmnb
  • Antiy-AVL: Trojan/Generic.ASMalwS.1660A
  • Kingsoft: Heur.SSC.2764885.1216.(kcloud)
  • Arcabit: Trojan.OnlineGames.5
  • Microsoft: Trojan:Win32/BHO.EF
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.OnlineGameHack.R1905
  • Acronis: suspicious
  • VBA32: TrojanDownloader.Gamup
  • ALYac: Gen:Variant.OnlineGames.5
  • MAX: malware (ai score=87)
  • Malwarebytes: Malware.AI.1936140542
  • TrendMicro-HouseCall: TROJ_STARTP.SML2
  • Tencent: Trojan.Win32.BitCoinMiner.la
  • Yandex: Trojan.GenAsa!Jb96zaNUH9E
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/ZLob.AAAA!tr.dldr
  • BitDefenderTheta: Gen:NN.ZexaF.34294.Au2@a89FJweb
  • AVG: Win32:Alureon-ATI [Trj]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32:Alureon-ATI [Trj]?

Win32:Alureon-ATI [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.