Categories: Worm

Worm.EternalRocks information

Worm.EternalRocks is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm.EternalRocks virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

archive.torproject.org

How to identify Worm.EternalRocks?


File Info:

crc32: BBEA11CC
md5: 7f9596b332134a60f9f6b85ab616b141
name: e77306d2e3d656fa04856f658885803243aef204760889ca2c09fbe9ba36581d
sha1: 9f993f080b2708ece0d8d42df2c19dc77aaa80f1
sha256: e77306d2e3d656fa04856f658885803243aef204760889ca2c09fbe9ba36581d
sha512: c1d4e445ab66b6d47bec2f45227779aa59499cb61a9ab75eecb05071d135b9f7c1e2f19b3f4e7df9e2957dcbcca04343a312684a3f973812cef135e50a05bac4
ssdeep: 6144:oAi9Ryzbn12luaQJlHPomK5r6gaWzv+woFbUga2v8TjgJ9WiN7ukMjCDSx1uAqP:ovyfn1+u7HvdgaWzv+3FbUF2v8TjgJc
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft 2017
Assembly Version: 1.0.0.0
InternalName: svchost.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
Comments: Host Process for Windows Services
ProductName: Service Host
ProductVersion: 1.0.0.0
FileDescription: Service Host
OriginalFilename: svchost.exe

Worm.EternalRocks also known as:

MicroWorld-eScan Trojan.AgentWDCR.LAR
FireEye Generic.mg.7f9596b332134a60
CAT-QuickHeal Trojan.EternalRock.A5
Qihoo-360 Win32/Trojan.d60
McAfee Generic.abu
Cylance Unsafe
AegisLab Trojan.Win32.Fsysna.4!c
K7AntiVirus Trojan ( 0050d20e1 )
BitDefender Trojan.AgentWDCR.LAR
K7GW Trojan ( 0050d20e1 )
Cybereason malicious.332134
TrendMicro TROJ_ETEROCK.A
Cyren W32/Fsysna.BQRQ-5340
Symantec W32.Eternalrocks
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.EternalRocks-6320096-0
GData Win32.Trojan.Agent.2U0X9K
Kaspersky Trojan.Win32.Fsysna.ejvk
Alibaba Trojan:Win32/Fsysna.8e9ee3a6
NANO-Antivirus Trojan.Win32.Fsysna.eoicvj
ViRobot Trojan.Win32.Z.Fsysna.304128
Tencent Win32.Trojan.Fsysna.Alsv
Ad-Aware Trojan.AgentWDCR.LAR
Sophos Mal/Eterocks-B
Comodo Malware@#1hpnsge73cewb
F-Secure Trojan.TR/Crypt.FKM.hcfxo
DrWeb Trojan.DownLoader24.59728
Zillya Trojan.Fsysna.Win32.14745
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Trapmine malicious.high.ml.score
CMC Trojan.Win32.Fsysna!O
Emsisoft Trojan.AgentWDCR.LAR (B)
SentinelOne DFI – Malicious PE
F-Prot W32/Fsysna.R
Jiangmin Worm.EternalRocks.q
Webroot W32.Malware.gen
Avira TR/Crypt.FKM.hcfxo
Antiy-AVL Trojan/Win32.Fsysna
Endgame malicious (high confidence)
Arcabit Trojan.AgentWDCR.LAR
SUPERAntiSpyware Trojan.Agent/Gen-Malagent
ZoneAlarm Trojan.Win32.Fsysna.ejvk
Microsoft Trojan:Win32/Eterock.A
AhnLab-V3 Win-Trojan/MDA.630F094C
Acronis suspicious
ALYac Worm.EternalRocks
MAX malware (ai score=100)
VBA32 Trojan.Fsysna
Malwarebytes Worm.EternalRocks
Panda Trj/WLT.C
Zoner Trojan.Win32.58929
ESET-NOD32 MSIL/Agent.AVH
TrendMicro-HouseCall TROJ_ETEROCK.A
Rising Worm.EternalRocks-03!1.AB03 (KTSE)
Yandex Trojan.Agent!uiHRFRExWYM
Ikarus Worm.DoomsDay
eGambit Trojan.Generic
Fortinet W32/Fsysna.AVH!tr
AVG Win32:EternalRocks-E [Trj]
Avast Win32:EternalRocks-E [Trj]
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.10882331.susgen

How to remove Worm.EternalRocks?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
