How to Prevent and Remove the Trojan.Win32.Autoit.aak

1. What is the Trojan.Win32.Autoit.aak

Trojan.Win32.Autoit.aak is a malicious trojan and spyware program that uses covert techniques to download further malware from the Internet. It opens up firewall ports and collects confidential information such as personal financial data. Trojan.Win32.Autoit.aak also downloads additional components before the attackers gain remote access to the infected PC. Trojan.Win32.Autoit.aak is an identified security risk, and you should remove it immediately once you detect it.

a. The following files were created in the system:

  #   Filename(s)                              File Size
  1   %Windir%\8jg53l4ojo74khk.exe             786,354 bytes
      [file and pathname of the sample #1]

  • Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

b. Memory Modifications

  • The following module was loaded into the address space of other process(es):

  Module Name           Module Filename                 Address Space Details
  8jg53l4ojo74khk.exe   %Windir%\8jg53l4ojo74khk.exe    704,512 bytes

c. Registry Modifications

  • The newly created Registry Value is:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      • 8jg53l4ojo74khk.exe = "%Windir%\8jg53l4ojo74khk.exe"

      so that 8jg53l4ojo74khk.exe runs every time Windows starts.

  • The following Registry Value was deleted:
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      • NoDriveTypeAutoRun = 0x00000091

      Removing this value relaxes the AutoRun restrictions that Explorer applied to the drive types it covered.

d. Other details

  • The following ports were open in the system:

  Port   Protocol   Process
  1054   TCP        8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)
  1056   TCP        8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)
  1057   TCP        8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)

  • An attempt to establish a connection with a remote host was registered. The connection details are:

  Remote Host       Port Number
  207.114.175.51    6667

  Port 6667 is the standard IRC port, so outbound IRC traffic from a workstation process is a useful detection signal for this trojan.

2. How-to's

a. Keep the Sax2 policy knowledge base up to date. Once Sax2 detects the communication of these trojans, it breaks the connection and helps ensure your network and business security.

b. How to Remove the Trojan.Win32.Autoit.aak Manually?

Step 1 : Use Windows Task Manager to Remove Trojan.Win32.Autoit.aak Processes

8jg53l4ojo74khk.exe

Step 2 : Use Registry Editor to Remove Trojan.Win32.Autoit.aak Registry Values

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  • 8jg53l4ojo74khk.exe = "%Windir%\8jg53l4ojo74khk.exe"

Step 3: Detect and Delete Other Trojan.Win32.Autoit.aak Files

%Windir%\8jg53l4ojo74khk.exe
[file and pathname of the sample #1]
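The indicators from section 1 and the three manual removal steps above, combined into an added PowerShell audit script (example code written for this page, not from the original article or from Sax2). It assumes PowerShell 3.0 or later in an elevated prompt; the file name, registry locations, AutoRun value and remote host/port are exactly the ones the page lists, and the -Remove switch is the script's own addition.

```powershell
# Added example: audit a Windows host for the Trojan.Win32.Autoit.aak indicators
# listed on this page and, with -Remove, apply the manual removal steps.
# Assumption: PowerShell 3.0+ running elevated. Without -Remove it only reports.
param([switch]$Remove)

$Name       = '8jg53l4ojo74khk.exe'                      # dropped file name (section 1a)
$FilePath   = Join-Path $env:windir $Name                 # %Windir%\8jg53l4ojo74khk.exe
$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$PolicyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RemoteHost = '207.114.175.51'                            # remote host (section 1d)
$RemotePort = 6667

$findings = @()

# Step 1 indicator: a running process with the sample's name
$procName = [IO.Path]::GetFileNameWithoutExtension($Name)
$procs = Get-Process -Name $procName -ErrorAction SilentlyContinue
if ($procs) { $findings += "process running (PID $($procs.Id -join ','))" }

# Step 3 indicator: the dropped file in the Windows folder
if (Test-Path -LiteralPath $FilePath) {
    $size = (Get-Item -LiteralPath $FilePath).Length
    $findings += "file present: $FilePath ($size bytes)"
}

# Step 2 indicator: persistence through the Run key
$runValue = (Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue).$Name
if ($runValue) { $findings += "Run value present: $Name = `"$runValue`"" }

# Section 1c: the trojan deletes the NoDriveTypeAutoRun restriction
$autoRun = (Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($null -eq $autoRun) { $findings += "NoDriveTypeAutoRun is missing from $PolicyKey" }

# Section 1d: an established or pending connection to the remote host
$conns = netstat -ano | Select-String -SimpleMatch "${RemoteHost}:${RemotePort}"
if ($conns) { $findings += "connection to ${RemoteHost}:${RemotePort} observed" }

if (-not $findings) { Write-Output 'No Trojan.Win32.Autoit.aak indicators found.'; return }
$findings | ForEach-Object { Write-Output "FOUND: $_" }

if ($Remove) {
    $procs | Stop-Process -Force -ErrorAction SilentlyContinue                       # Step 1
    Remove-ItemProperty -Path $RunKey -Name $Name -ErrorAction SilentlyContinue      # Step 2
    Remove-Item -LiteralPath $FilePath -Force -ErrorAction SilentlyContinue          # Step 3
    # Restore the AutoRun value the trojan deleted (0x91, as listed in section 1c)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -Value 0x91 -Type DWord
    Write-Output 'Removal steps applied; reboot and re-run this script to confirm.'
}
```

Run it once without -Remove to confirm the findings match the indicators above, then again with -Remove to apply the three steps and restore the AutoRun value.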

c. How to Remove these trojans Instantly?

Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

3. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm