What is “Win32:Atraps-PZ [Trj]”?

The Win32:Atraps-PZ [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Atraps-PZ [Trj] virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine Win32:Atraps-PZ [Trj]?


File Info:
name: AE77FA5B267B9CE02B0C.mlw
path: /opt/CAPEv2/storage/binaries/012202205ddf1c5e565cdacf1371c4030ac6f1c07c0b33483666ca89b9f8e7d1
crc32: F8E6DC7B
md5: ae77fa5b267b9ce02b0c3455b4fc0ce8
sha1: 9f50d8a610744a2dbc9e2ac03d0e7b503c6d4ea6
sha256: 012202205ddf1c5e565cdacf1371c4030ac6f1c07c0b33483666ca89b9f8e7d1
sha512: 8c414f2ab9e3e97f864139d7b20280818e51c50e3363b8e85d4567184d2d63606bc70d4aadac4365c87c4147fbdef1a50710cc01a0e1b6419d65de19c810ef1f
ssdeep: 48:SWkO0IoyTnXz+ihZjok1ZSUrtMQ2RtB5d2lA:ZJTnXzvokSUrtIRtBP
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T13191F93B76782E67C0686B371F6754CA79EF579003680B4E88823217265A127AD7CE53
sha3_384: 22a9c9c236af852ce2e698dfb508c1cd4e679e4bab60989961cca8aa273f5c2b9cec2cedfcd333e22d892a19364e9626
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2013-04-07 20:00:59

Version Info:
0: [No Data]

Win32:Atraps-PZ [Trj] also known as:

Bkav	W32.FamVT.DebrisB.Worm
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.431082
FireEye	Generic.mg.ae77fa5b267b9ce0
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	BehavesLike.Win32.Downloader.xt
McAfee	Downloader-FKP!AE77FA5B267B
Malwarebytes	Bundpil.Worm.AutoRun.DDS
VIPRE	Gen:Variant.Barys.431082
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	EmailWorm ( 0040f50c1 )
K7GW	EmailWorm ( 0040f50c1 )
CrowdStrike	win/malicious_confidence_100% (D)
Baidu	Win32.Worm.Bundpil.ah
VirIT	Trojan.Win32.Small.FAU
Symantec	Trojan.Dropper
ESET-NOD32	Win32/Bundpil.T
APEX	Malicious
TrendMicro-HouseCall	WORM_GAMARUE.SMB
ClamAV	Win.Adware.Downware-246
Kaspersky	Worm.Win32.Debris.b
BitDefender	Gen:Variant.Barys.431082
NANO-Antivirus	Trojan.Win32.Drop.bqqvjw
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
Avast	Win32:Atraps-PZ [Trj]
Tencent	Trojan.Win32.Csyr.A
Emsisoft	Gen:Variant.Barys.431082 (B)
Google	Detected
F-Secure	Trojan.TR/Downloader.Gen
DrWeb	Trojan.MulDrop4.25343
Zillya	Worm.Bundpil.Win32.1334
TrendMicro	WORM_GAMARUE.SMB
Trapmine	suspicious.low.ml.score
Sophos	W32/Gamarue-BM
SentinelOne	Static AI – Malicious PE
Jiangmin	Worm/Generic.aftt
Varist	W32/Csyr.A!Eldorado
Avira	TR/Downloader.Gen
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Win32.Csyr
Kingsoft	malware.kb.a.975
Microsoft	Worm:Win32/Gamarue.DK!MTB
Xcitium	Worm.Win32.Bundpil.T@4wizl6
Arcabit	Trojan.Barys.D693EA
ZoneAlarm	Worm.Win32.Debris.b
GData	Win32.Trojan.PSE.1Y5UO7M
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Bundpil.R63957
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZedlaF.36802.aq5@aejr6Qm
ALYac	Gen:Variant.Barys.431082
TACHYON	Worm/W32.Debris.4485
VBA32	Worm.Gamarue
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Worm.Bundpil!1.E3E2 (CLASSIC)
Ikarus	Worm.Debris
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic!worm
AVG	Win32:Atraps-PZ [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Gamarue.28f0ce19

How to remove Win32:Atraps-PZ [Trj]?

Win32:Atraps-PZ [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X