Author

Topic: List and explain of posted Trojan,Virus and Malware in the last Months! (Read 287 times)

legendary
Activity: 3136
Merit: 3213
So as i have done some research on some specialy Malware and Trojan detections
that was detected from Virustotal and download links was posted on the Forum,
I found some more informations now on the detections.


The ransomeware Manamecrypt also knowen as CryptoHost are in this detections.

This Malware is specialy designed for Crypto.

The detections Gen:Variant.MSIL and Trojan.GenericKD most times a sign for this Malware.
But there more Variations of the Malware and you can see that if the detection has some kind of number or letters on it .

Diffrent Variations of  Manamecrypt
Example:
Gen:Variant.MSIL.Lynx.13
Trojan.GenericKD.3048538
 
So the Malware is the same everytime and the red marked is just an modified Version of it.

How this Infections works when you are infected ?

It encrypts user's files on there computer and it blocks the execution of some programs on the infected machine.
Manamecrypt takes the relevant files for him and copies them into a .RAR file, which he then encodes with a password.
The original files are getting deleted from the hard disk.

Most files that the program looking for are:

*.3g2 *.3gp *.7z *.asf *.avi *.doc *.docx *.flv *.gif *.jpeg *.jpg *.m4v *.mov *.mp4 *.mpeg *.mpg
*.pdf *.png *.ppd *.pps *.ppt *.pptx *.psd *.qt *.rm *.tiff *.txt *.wmv *.wpd *.wps *.xlr *.xls *.xlsl *.zip

But it depends on the Version of the Malware and others looking for more files and other files like .exe and .dll !

At some stage you will get a notification window like this:



In addition to the encryption function, Manamecrypt blocks the execution of programs that contain specific expressions in the process name.

Code:
ad-aware ,facebook ,registry ,editor ,amazon ,game ,rune ,anti virus ,instagram ,shop ,anti-virus ,internet security ,sophos ,antivirus ,kaspersky ,steam
avg ,system ,configuration ,avira ,mcafee ,system ,restore ,bitdefender ,meetme ,task manager ,bullguard ,monitor ,trend micro ,comodo ,netflix ,tumblr
debugger ,norton ,twitter ,dr.web ,obfuscator ,vimeo ,ebay ,origin ,vipre ,eset ,pinterest ,youtube ,f-secure ,registry

This one of the Malwares i have found here on the Forum posted and just thought i share it with all here.

And its possible to get rid of it when you have this Malware infection.
More details on how to remove and get rid of it you can read her https://www.gdata.de/blog/2016/04/28235-manamecrypt-eine-ransomware-geht-neue-wege
If you cant transalte it , write me and i will doing it and post the steps here.

Source used in this post and translated because its written in german : https://www.gdata.de/blog/2016/04/28235-manamecrypt-eine-ransomware-geht-neue-wege
legendary
Activity: 3136
Merit: 3213
Can I request a kind of virus warning that save for us!

You cant realy give an example for a warning on that because its a case by case thing !
For Miner Software and programs you can look on Virustotal as a lot of detection programs have added already a kind of information on that !

Possible example:
gminer_1_41_windows64.zip
https://www.virustotal.com/gui/file/751d2adb3a73e30ed10c185e69bacbeb5801f5d0171fd90849ac1d48c6a98716/detection

Its saying there in the detection

Kaspersky      Not-a-virus:HEUR:RiskTool.Script.BitMiner.gen

If you look on google for that you will find this on the Kaspersky page (I used the german one but will translate it)
Quote
Allgemein gesprochen assoziiert Kasperky Internet Security „not-a-virus“ mit zwei Arten von Anwendungen: Adware und Riskware.
Beide Typen sind nicht von bösartiger Natur, weshalb sie auch nicht als Virus klassifiziert werden können.
Trotzdem sollten Nutzer darüber Bescheid wissen, dass sie installiert werden, denn die Anwendungen könnten ungewollte Dinge ausführen.

Translation:
Quote
Generally speaking, Kasperky Internet Security associates with two types of applications: adware and riskware.
Both types are not of a malignant nature, which is why they can not be classified as a virus.
Nevertheless, users should know that they are being installed because the applications could do unwanted things.

Source : https://www.kaspersky.de/blog/not-a-virus/14499/

But this should be not mean that its safe when there is this " Not-a-virus " notification.
You should be do some research on google and the Internet specialy on the written notification behind the Not-a-virus .
In the example case search for HEUR:RiskTool.Script.BitMiner.gen.

The problem ist that there are so many diffrent versions of the same detected program sometimes.
hero member
Activity: 1750
Merit: 589
Members are really having it all, especially beginners. They're having all the help and guide. All the cautions they need to take note just so they can avoid being a victim of viruses, trojan, and malwares, especially those that have been blatantly created malwares. These thread sums up what needs to be avoided, now we need to do our part which is eduacting ourselves about things like this because we can'tbalways rely on anti-viruses for they still has their limitations and incapabilities regardless of how guaranteed the quality of its service is.
legendary
Activity: 3136
Merit: 3213
Can I request a kind of virus warning that save for us, I know some of them like coinminer and false positive mentioned by nc50lc. Maybe you can add another kind of this virus warning to make sure when I or other member find any wallet contain this warning wouldn't misunderstanding about it. Thank you.

Will be looking on it and update the first post with it when i have it also i will add more things when i have time for it .


You can't 100% rely on antivirus to protect you, avoiding all risky installations and websites.

don't care much about malware in the first place.

Antvirus isnt 100% safe thats right , and you should for sure looking two times what you install.
You should take care about malware .
If you infected with an agressiv one . it just takes 1-2 minutes and your passwords , logins , banking things and all information is sended to the Hackers!

It was happend to me in 2016 with edinar wallet with just 3 detections in it .
This was the detections but it was to late for me because i was a newbie.
https://virustotal.com/en/file/bddedfa2c46d87fb1034923f8ddcbb49d3e319bbba7c56eb54be1fa7bcae7541/analysis/1471612362/

And thats why i fighting about it that others dont have the trouble that i got.
All my accounts on exchanges was hacked and Coins stolen with this shit.

Yep its a virus i installed it and a few minutes later my bittrex account tryd to hacked

Edinar is Virus !!!!!! Warning
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
You can't 100% rely on antivirus to protect you, if you have bad habits, you'll fall victim of some zero-day malware.

Nothing can provide 100% protection, but security programs should be the first line of defense, which should be upgraded with good practices and common sense. In my opinion, this is enough to keep one computer clean and safe for daily work. Spending money on as you say "false sense of security" depends on what the money is actually spent on. For me, there are really good security solutions that I have been using for years, and I have no problem with any online threats, which does not mean that this will not happen at some point.

You're not right about Linux or Mac, they're not immune to viruses or malware, and by some research, these operating system records an increasing number of malware in recent years.

Less Malware for Windows, More for MacOS and Linux (Report 2016)
legendary
Activity: 2296
Merit: 1014
Prevention is key, which means you need to protect your devices before they become infected,
Agree, if antivirus detects something its already too late often. Prevention is key, dont download files from not trusted websites.
Problem is, this list of malware in this topic is easy to defend from because they are detectable already. Worst for users are malware written by hobbysts also named hackers often, that are uknown to world so for antiviruses also. Antiviruses won't protect you from such threat so only prevention will work here.
legendary
Activity: 3024
Merit: 2148
Prevention is key, which means you need to protect your devices before they become infected, which again means that some money needs to be invested in the security of personal computers and smartphones. Although there are people who will probably say that it doesn't make much sense to use security software (it cost some money, it can slow down PC/smartphone), from personal experience I can say that the non-use of such programs at the present time means your device will be infected sooner or later, there is no doubt about it.

It is much easier and simpler to prevent infection rather than remove it, and in most cases, formating hard disk is only correct solution.

You can't 100% rely on antivirus to protect you, if you have bad habits, you'll fall victim of some zero-day malware. So instead of spending money on false sense of security, it's better to develop good practices like having separate environments, avoiding all risky installations and websites, using virtualization for potentially dangerous operations and so on.

Also, Windows's built-in scanner is as good as paid options, and Linux/Mac don't care much about malware in the first place.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Prevention is key, which means you need to protect your devices before they become infected, which again means that some money needs to be invested in the security of personal computers and smartphones. Although there are people who will probably say that it doesn't make much sense to use security software (it cost some money, it can slow down PC/smartphone), from personal experience I can say that the non-use of such programs at the present time means your device will be infected sooner or later, there is no doubt about it.

It is much easier and simpler to prevent infection rather than remove it, and in most cases, formating hard disk is only correct solution.
legendary
Activity: 2324
Merit: 1604
hmph..
Can I request a kind of virus warning that save for us, I know some of them like coinminer and false positive mentioned by nc50lc. Maybe you can add another kind of this virus warning to make sure when I or other member find any wallet contain this warning wouldn't misunderstanding about it. Thank you.
legendary
Activity: 3136
Merit: 3213
legendary
Activity: 3136
Merit: 3213
This Thread should be a warning for all Users and should be explain a few detected Trojans , Viruses and Malware
that was posted in the last Months and nearly the last half year here on the Forum.


This should be also an Record to see what was going on in the last Months with the kind of things.

And you get an Overview about how Dangerous they are and that you should take them seriously.
This kind of Software and programs can steal your Money and Coins and can damage your Life maybe.

Here you have a short List of Bad software and the detected programs

Pe.heur.invalidsig
The Trojan messes with your online activities, non-stop. It redirects you to countless suspicious sites.
As well as, flood your screen with pop-up, in-text, and banner ads. Programs begin to freeze, and don’t work properly.
Source : https://www.virusresearch.org/pe-heur-invalidsig-trojan-removal/

Win32/TrojanDownloader.Agent.EAT
Win32/TrojanDownloader.Agent.EAT is a trojan which tries to download other malware from the Internet.
Source : https://www.virusradar.com/en/Win32_TrojanDownloader.Agent.EAT/description

Trojan.Multi.Generic.4!c
Trojan.Multi.Generic.4!c has been considered as one of the most dangerous OS threat.
It usually infect all famous browser by attaching add-ons, plug-ins and other suspicious code.
By modifying browser setting and attacking your browser, it will lead you to the third-party site and start to cause interruption while surfing the web.
Trojan.Multi.Generic.4!c will brings lots of serious problems to you.
Encrypts your files , Opens the System backdoor and allow hackers to access PC remotely.Collects victims all sensitive data and send them to the scammers.
Source : http://fix-computervirus.blogspot.com/2019/02/how-to-get-rid-of-trojanmultigeneric4c.html

Trojan.Agent (A)
Trojan.Agent or Trojan.Generic is generic detection of trojan code.
Source : https://www.quora.com/How-do-I-remove-a-Trojan-Agent-virus-from-my-computer

Trojan:Win32/Wacatac.B!ml
Wacatac (also known as Trojan:Win32/Wacatac) is a trojan-type infection that stealthily infiltrates computers and performs a number of malicious actions.
Cyber criminals typically proliferate this malware using spam email campaigns and fake software 'cracks'.
These trojans can do extensive damage. They might collect personal details (such as logins/passwords, banking information, and similar).
Trojan, Password stealing virus, Banking malware, Spyware.
Source : https://www.pcrisk.com/removal-guides/15409-wacatac-trojan

BScope.Trojan.Chapak
Chapak is a malware dropper and installs malware on the victim’s machine after being installed itself. 
Unlike a downloader, which contacts a remote server to receive access to files, the dropper already contains the malware when installed on the machine.
Chapak dropper does not damage the infected computer directly but delivers a malware payload or a number of types of malware with various features.
Source : http://snt.hr/boxcontent/CheckPointSecurityReport2019_vol01.pdf
Specialy on this Source and PDF at page 39 is a lot of good Information about Malware,Trojan and Viruses.

Trojan-FRJH!
Trojan who downloads malware and other bad software !
Source : https://www.fortiguard.com/search?q=Trojan.FRJH&engine=1&page=1

Win32.Packed.Kryptik
Malware of this family consists of Trojans that use anti-emulation, anti-debugging, and code obfuscation to prevent their analysis.
Source : https://threats.kaspersky.com/en/threat/Trojan.Win32.Kryptik/

RDN/Generic.grp
Malware virus identified by multiple antiviruses and anti-malware software applications.
The RDN/Generic.grp heuristic detection is categorized as a virus because it inflicts and acts as a malicious threat within the Windows XP,
Windows Vista, Windows 7, Windows 8 or Windows 10 computer system.
RDN/Generic.grp modifies system files, add’s new folders, creates Windows tasks and adds files in order to infect and compromise the computer system.
Source : https://www.fixyourbrowser.com/removal-instructions/remove-rdn-generic-grp-virus-removal-instructions/

Win32/Injector.EHRM
Trojan Software .
Win32/Injector is the name for generic detection of malware that has capability to create and run a new thread with its own program code within a specific running process.
Source : https://www.virusradar.com/en/Win32_Injector.EHRM/description and https://www.virusradar.com/en/Win32_Injector/description

Trojan.GenericKD.32514727
Trojan.GenericKD.3016333 is ransomware that encrypts files stored on the affected device and demands payment of a ransom.
Source : https://www.f-secure.com/v-descs/trojan_w32_generickd_3016333.shtml

Win32.Trojan.WisdomEyes.16070401.9500.9939
Malware > Win32.Trojan.WisdomEyes
Source : https://www.threatcrowd.org/listMalware.php?antivirus=Win32.Trojan.WisdomEyes.16070401.9500.9939
Found a quote from achow101 about that here on the Forum.
The SHA256 of the file on virustotal matches that in the SHA256SUMS.asc file, so the download is legitimate. The executable is fine and safe. The detections on virustotal are false positives. Bitcoin Core is often flagged as a virus because it looks for a wallet.dat file (so usually considered a coin stealer) and it contains mining logic (so also considered a bitcoin miner). These are true, but are also integral to Bitcoin Core functioning properly; it is the software the makes the wallet.dat file that many viruses try to steal. It also contains logic for mining blocks, but this is only for testnet and regtest networks now. If you have verified that the sha256 of the file matches the sha256 in SHA256SUMS.asc and you have verified the PGP signature in SHA256SUMS.asc, then the file is safe and not a virus.



You can report Suspicious things here :
Report Malware and Suspicious Links here so Mods can take Action !
[CLUB] The SpamBusters! Busting rule-breakers for more than a year.
Or just hit the " Report to Moderator button" and report it directly to an Moderator.

Be aware that not all detections are Trojan , Virus or Malware !
Some Wallets have a integrated miner and the most times Virustotal detect it as suspicious !
Also a lot of Miner Softwares got the most times detections !

Also a helpful post from nc50lc :

A very important information for reporters:
Do not just paste the direct link to virustotal's url scanner as it will scan the host/server of that url instead of the file to be downloaded.
And apparently; when you paste mega.nz, it will always result with "CLEAN MX: Phishing" and "URLhaus: Malicious" regardless of the link.

Like for example (just MEGA's home URL):
https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detection
Same results, "CLEAN MX: Phishing" and "URLhaus: Malicious"

Another (safely reproduce-able) Example:
Try it with Electrum windows executable(s): https://electrum.org/#download <- It's safe but with false positives.
Copy the direct download link (https://download.electrum.org/3.3.8/electrum-3.3.8-setup.exe) and paste it to virustotal,
the result will be clean: VT URL Results. Virustotal didn't download the file in the link, it doesn't work that way.
But if you downloaded the file and uploaded to virustotal, there will be positives: VT uploaded result (v3.3.6) <- Again, false positives

Hope this thread gives new Users and all others an Overview about Trojans , Virus and Malware and explain what they are doing and how.
All the Trojans , Malware and Virus in the List was mostly in Wallet Software that was posted only here on the Forum and its just an short list .
There was many others and the count goes to nearly over 100 of them thats why i just have written a short list.
Also i guess there are many more that dont was founded or reported.
Keep your eyes open and watch out when you download anything.


Feel free to post your Opinions and also your Experience and other Results you have found or seen here on the Forum and i update the Thread with it when its helpful.
Jump to: