About “WinGo/Rozena.ED” infection

WinGo/Rozena.ED is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the WinGo/Rozena.ED virus do?

  • Presents an Authenticode digital signature
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX

How to identify WinGo/Rozena.ED?


File Info:

crc32: 56A3937C
md5: e60d934028a4156804cec92fa91c3878
name: E60D934028A4156804CEC92FA91C3878.mlw
sha1: ec134d89e6b136331b050a40e66495ee9a5e9874
sha256: b90cf2d0bea4f28ddd88e191be2785825baecf8d3e64f069cc35654c71afe87b
sha512: c7f7f51590fe06587c258ec64edbdf71a487eedb6509df5fd8aa1ca8c149d78ad79e8522527c2c538c9ef1b520bf57c244ab6de10d72e4810baf4efb017f6f19
ssdeep: 24576:reR5i/GnQiQ1sZkFCy1Iui85Q+HTR0LzSCJyI83UOtz:reHQj1100dyuTRQxz831t
type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2021. Sangfor. All Rights Reserved.
InternalName: Sangfor
FileVersion: 4.3.0.5.
CompanyName: www.sangfor.com.cn
ProductName: Sangfor
ProductVersion: V.4.3.0.5
FileDescription: 深信服 SSL
OriginalFilename: Sangfor.exe
Translation: 0x0409 0x04b0

WinGo/Rozena.ED is also known as:

K7AntiVirus: Trojan ( 005829de1 )
Lionic: Trojan.Win64.Shelma.4!c
Cynet: Malicious (score: 99)
Cylance: Unsafe
Zillya: Trojan.Shelma.Win64.6532
Sangfor: Trojan.Win64.Shelma.nzw
Alibaba: Trojan:Win64/Shelma.c06e84af
K7GW: Trojan ( 005829de1 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of WinGo/Rozena.ED
APEX: Malicious
Avast: Win64:Trojan-gen
Kaspersky: Trojan.Win64.Shelma.nzw
Tencent: Win64.Trojan.Shelma.Ahof
Sophos: Mal/Generic-S
TrendMicro: Backdoor.Win64.COBEACON.YXBIZZ
McAfee-GW-Edition: Artemis!Trojan
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Trojan.Gen
Avira: TR/AD.PatchedWinSwrort.dypnt
Antiy-AVL: Trojan/Generic.ASBOL.C5E3
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!E60D934028A4
VBA32: Trojan.Win64.Shelma
TrendMicro-HouseCall: Backdoor.Win64.COBEACON.YXBIZZ
Rising: Trojan.ShellCode!1.D2D8 (CLASSIC)
Yandex: Trojan.Shelma!/h3BB81M254
Ikarus: Trojan.WinGo.Rozena
Fortinet: W64/Shelma.NZW!tr
AVG: Win64:Trojan-gen

How to remove WinGo/Rozena.ED?

WinGo/Rozena.ED removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
