This Thread should be a warning for all Users and should be explain a few detected Trojans , Viruses and Malware
that was posted in the last Months and nearly the last half year here on the Forum.This should be also an Record to see what was going on in the last Months with the kind of things.
And you get an Overview about how Dangerous they are and that you should take them seriously.
This kind of Software and programs can steal your Money and Coins and can damage your Life maybe.
Here you have a short List of Bad software and the detected programsPe.heur.invalidsigThe Trojan messes with your online activities, non-stop. It redirects you to countless suspicious sites.
As well as, flood your screen with pop-up, in-text, and banner ads. Programs begin to freeze, and don’t work properly.
Source : https://www.virusresearch.org/pe-heur-invalidsig-trojan-removal/Win32/TrojanDownloader.Agent.EATWin32/TrojanDownloader.Agent.EAT is a trojan which tries to download other malware from the Internet.
Source : https://www.virusradar.com/en/Win32_TrojanDownloader.Agent.EAT/descriptionTrojan.Multi.Generic.4!cTrojan.Multi.Generic.4!c has been considered as one of the most dangerous OS threat.
It usually infect all famous browser by attaching add-ons, plug-ins and other suspicious code.
By modifying browser setting and attacking your browser, it will lead you to the third-party site and start to cause interruption while surfing the web.
Trojan.Multi.Generic.4!c will brings lots of serious problems to you.
Encrypts your files , Opens the System backdoor and allow hackers to access PC remotely.Collects victims all sensitive data and send them to the scammers.
Source : http://fix-computervirus.blogspot.com/2019/02/how-to-get-rid-of-trojanmultigeneric4c.htmlTrojan.Agent (A)Trojan.Agent or Trojan.Generic is generic detection of trojan code.
Source : https://www.quora.com/How-do-I-remove-a-Trojan-Agent-virus-from-my-computerTrojan:Win32/Wacatac.B!mlWacatac (also known as Trojan:Win32/Wacatac) is a trojan-type infection that stealthily infiltrates computers and performs a number of malicious actions.
Cyber criminals typically proliferate this malware using spam email campaigns and fake software 'cracks'.
These trojans can do extensive damage. They might collect personal details (such as logins/passwords, banking information, and similar).
Trojan, Password stealing virus, Banking malware, Spyware.
Source : https://www.pcrisk.com/removal-guides/15409-wacatac-trojanBScope.Trojan.ChapakChapak is a malware dropper and installs malware on the victim’s machine after being installed itself.
Unlike a downloader, which contacts a remote server to receive access to files, the dropper already contains the malware when installed on the machine.
Chapak dropper does not damage the infected computer directly but delivers a malware payload or a number of types of malware with various features.
Source : http://snt.hr/boxcontent/CheckPointSecurityReport2019_vol01.pdfSpecialy on this Source and PDF at page 39 is a lot of good Information about Malware,Trojan and Viruses.
Trojan-FRJH!Trojan who downloads malware and other bad software !
Source : https://www.fortiguard.com/search?q=Trojan.FRJH&engine=1&page=1Win32.Packed.KryptikMalware of this family consists of Trojans that use anti-emulation, anti-debugging, and code obfuscation to prevent their analysis.
Source : https://threats.kaspersky.com/en/threat/Trojan.Win32.Kryptik/RDN/Generic.grpMalware virus identified by multiple antiviruses and anti-malware software applications.
The RDN/Generic.grp heuristic detection is categorized as a virus because it inflicts and acts as a malicious threat within the Windows XP,
Windows Vista, Windows 7, Windows 8 or Windows 10 computer system.
RDN/Generic.grp modifies system files, add’s new folders, creates Windows tasks and adds files in order to infect and compromise the computer system.
Source : https://www.fixyourbrowser.com/removal-instructions/remove-rdn-generic-grp-virus-removal-instructions/Win32/Injector.EHRMTrojan Software .
Win32/Injector is the name for generic detection of malware that has capability to create and run a new thread with its own program code within a specific running process.
Source : https://www.virusradar.com/en/Win32_Injector.EHRM/description and
https://www.virusradar.com/en/Win32_Injector/descriptionTrojan.GenericKD.32514727Trojan.GenericKD.3016333 is ransomware that encrypts files stored on the affected device and demands payment of a ransom.
Source : https://www.f-secure.com/v-descs/trojan_w32_generickd_3016333.shtmlWin32.Trojan.WisdomEyes.16070401.9500.9939Malware > Win32.Trojan.WisdomEyes
Source : https://www.threatcrowd.org/listMalware.php?antivirus=Win32.Trojan.WisdomEyes.16070401.9500.9939Found a quote from achow101 about that here on the Forum.
The SHA256 of the file on virustotal matches that in the SHA256SUMS.asc file, so the download is legitimate. The executable is fine and safe. The detections on virustotal are false positives. Bitcoin Core is often flagged as a virus because it looks for a wallet.dat file (so usually considered a coin stealer) and it contains mining logic (so also considered a bitcoin miner). These are true, but are also integral to Bitcoin Core functioning properly; it is the software the makes the wallet.dat file that many viruses try to steal. It also contains logic for mining blocks, but this is only for testnet and regtest networks now. If you have verified that the sha256 of the file matches the sha256 in SHA256SUMS.asc and you have verified the PGP signature in SHA256SUMS.asc, then the file is safe and not a virus.
You can report Suspicious things here :Report Malware and Suspicious Links here so Mods can take Action ![CLUB] The SpamBusters! Busting rule-breakers for more than a year.Or just hit the " Report to Moderator button" and report it directly to an Moderator.
Be aware that not all detections are Trojan , Virus or Malware !
Some Wallets have a integrated miner and the most times Virustotal detect it as suspicious !
Also a lot of Miner Softwares got the most times detections !
Also a helpful post from nc50lc :
A very important information for reporters:
Do not just paste the direct link to virustotal's url scanner as it will scan the host/server of that url instead of the file to be downloaded.And apparently; when you paste mega.nz, it will always result with "
CLEAN MX: Phishing" and "
URLhaus: Malicious" regardless of the link.
Like for example (just MEGA's home URL):
https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detectionSame results, "
CLEAN MX: Phishing" and "
URLhaus: Malicious"
Another (safely reproduce-able) Example:
Try it with Electrum windows executable(s):
https://electrum.org/#download <- It's safe but with false positives.
Copy the direct download link (
https://download.electrum.org/3.3.8/electrum-3.3.8-setup.exe) and paste it to virustotal,
the result will be clean:
VT URL Results. Virustotal didn't download the file in the link, it doesn't work that way.
But if you downloaded the file and uploaded to virustotal, there will be positives:
VT uploaded result (
v3.3.6)
<- Again, false positives Hope this thread gives new Users and all others an Overview about Trojans , Virus and Malware and explain what they are doing and how.
All the Trojans , Malware and Virus in the List was mostly in Wallet Software that was posted only here on the Forum and its just an short list .
There was many others and the count goes to nearly over 100 of them thats why i just have written a short list.
Also i guess there are many more that dont was founded or reported.
Keep your eyes open and watch out when you download anything.
Feel free to post your Opinions and also your Experience and other Results you have found or seen here on the Forum and i update the Thread with it when its helpful.
