Guide To Remove Marap From Infected System

Threat Analysis For: Marap

Name: Marap
Category: Trojan
Discovered In: August 2018

Marap is a newly discovered threat (August 2018) that has been categorized as a Trojan based on the actions it is capable of performing on infected systems. It has been widely researched and has been found to use sophisticated scripts to evade scrutiny. Marap is designed to let its developers download other programs onto infected systems, which in turn lets it carry out various specific attacks and exploit the system based on its vulnerabilities.

How Marap Can Enter Your System:

The payload of Marap can be dropped through spam mails that are crafted to intimidate users with alarming subject lines. Their contents are written to make users download files such as Microsoft Excel Web Query files, password-protected archive files, PDF documents and Microsoft Word documents. These files carry Marap embedded in the form of '.iqy' objects or macro-enabled files. The mails are crafted to appear as sales pitches for promotional content, notifications from banking firms and invoices from reputed services.
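Because the mails described above deliver Marap through '.iqy' Web Query attachments, such files can be triaged before a user opens them. The following Python code is an added example, not part of the original guide; the function names, the allow-list parameter and the sample file are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample; the host is a reserved documentation name, not an IoC.
SAMPLE_IQY = "WEB\r\n1\r\nhttp://files.example.net/invoice.dat\r\n\r\nSelection=AllTables\r\n"

def parse_iqy(text):
    """Return the query URL of an .iqy file, or None if none is present."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    # The leading type ("WEB") and version ("1") lines are optional.
    if lines and lines[0].upper() == "WEB":
        lines = lines[1:]
        if lines and lines[0].isdigit():
            lines = lines[1:]
    return lines[0] if lines else None

def triage_iqy(text, allowed_hosts=()):
    """Describe where a Web Query file would make Excel fetch data from."""
    url = parse_iqy(text)
    if url is None:
        return {"url": None, "host": None, "findings": ["no query URL found"]}
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return {"url": url, "host": None, "findings": ["malformed URL"]}
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append("unexpected scheme: %r" % parts.scheme)
    if parts.scheme == "http":
        findings.append("cleartext HTTP fetch")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address")
    except ValueError:
        pass  # a host name, not an IP literal
    if host not in {h.lower() for h in allowed_hosts}:
        findings.append("host not on the allow-list")
    return {"url": url, "host": host, "findings": findings}

if __name__ == "__main__":
    print(triage_iqy(SAMPLE_IQY))
```

An empty findings list means the file only queries a host that was explicitly allowed; anything else is a reason to hold the attachment for review.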

Activities Of Marap malware:

Immediately after intrusion, Marap copies its payload to the Temp directory in an encrypted format, which a script then calls within the system's working memory. It has been observed that the trojan is designed to evade scrutiny by using an advanced hashing process in which Windows API function calls are determined at runtime. Marap can also perform timing checks on functions, which help it prevent debugging of its scripts. It can compare the virtual machine address of the infected system with a list and self-destruct when it matches. The trojan also uses HTTP traffic to receive and transmit details from command and control servers, such as account name, country, default keyboard layout, domain name, host name, IP address, installed anti-virus product and Windows version.

Dangers Of Marap:

Marap has a modular design which can easily be used to receive specific instructions to damage the infected system. It can receive updates that expand its capabilities, which can be used to launch DDoS attacks, record keystrokes and use the system's web traffic as a proxy for the developers behind the trojan. Marap can also be used to install other malware such as cryptographic coin miners, which exploit CPU and GPU resources to generate revenue for the developers. These programs cause the system to run slowly, and it may start to lag while doing simple tasks. Users may even face abrupt system crashes due to the unwanted processes running in the background. This guide will help to remove Marap from the system.

How to Remove Marap from Compromised PC (Manual Steps)

(This guide is intended to help users follow step-by-step instructions to make Windows safe.)

Step 1. Restart the Windows PC in Safe Mode

Reboot in Safe Mode (For Windows XP | Vista | Win7)

  1. Restart Computer
  2. Tap on F8 continuously when the PC starts booting and select the option to enter Safe Mode with Networking.

For Windows 8/8.1

  1. Press the Start button and then choose Control Panel from the menu.
  2. Open System and Security, select Administrative Tools and then System Configuration.
  3. Next, click on the Safe Boot option and then choose OK. This opens a pop-up window; select the Restart option.

For Windows 10

  1. Open the Start Menu.
  2. Press the power button icon in the right corner; this displays the power options menu.
  3. Keeping the SHIFT key pressed on the keyboard, select the Restart option. This reboots Windows 10.
  4. Now select the Troubleshoot icon, followed by Advanced options and then Startup Settings. Click on Restart. This gives the option to reboot; now select Enter Safe Mode with Networking.

Step 2. Uninstall Marap from Task Manager on Windows

How to End the Running Process related to Marap using Task Manager

  1. First, open Task Manager by pressing Ctrl+Shift+Esc together.
  2. Next, click on Processes to find Marap.
  3. Now click and select End Process to terminate Marap.

Step 3. How to Uninstall Marap from Control Panel on Windows

For Win XP | Vista and Win 7 Users

  1. Click on the Start Menu.
  2. Select Control Panel from the list.
  3. Next, click on Uninstall Program.
  4. Choose the suspicious program related to Marap and right-click on it.
  5. Finally, select the Uninstall option.

For Win 8

  • Click and select the “Charms bar”.
  • Now select the Settings option.
  • Next, click on Control Panel.
  • Select the Uninstall a Program option, right-click on the program associated with Marap and finally uninstall it.

For Windows 10

  1. First, click on the Start Menu.
  2. Now click on All Apps.
  3. Choose Marap and other suspicious programs from the complete list.
  4. Now right-click to select Marap and finally uninstall it from Windows 10.

Step 4. How to Delete Marap Created Files from Registry

  • Open the Registry by typing Regedit in the Windows search field and then pressing Enter.
  • This opens the registry entries. Now press CTRL + F together and type Marap to find the entries.
  • Once located, delete all entries named Marap. If you are unable to find them, you need to look for them manually in the directories below. Be careful to delete only Marap entries, otherwise you can severely damage your Windows computer.
HKEY_CURRENT_USER\Software\Random Directory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
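
Since the Run entries carry random names, searching for "Marap" may find nothing; the guide's note that the payload is copied to the Temp directory gives a second way to narrow the manual search. The following Python code is an added example, not part of the original guide: it only reads the current user's Run key and lists values that start something from a Temp path. The Temp markers, function names and sample values are assumptions made for illustration.

```python
try:
    import winreg  # Windows only; the matching logic below runs anywhere
except ImportError:
    winreg = None

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Assumed markers for "the Temp directory" (per-user, system-wide, unexpanded).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%", "%tmp%")

# Constructed sample values, not taken from a real infection.
SAMPLE_RUN = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "xkqzpd": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\xkqzpd.js"',
    "updchk": r"%TEMP%\updchk.exe -s",
}

def read_hkcu_run():
    """Return {value name: command} from the current user's Run key."""
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        value_count = winreg.QueryInfoKey(key)[1]
        for index in range(value_count):
            name, data, _kind = winreg.EnumValue(key, index)
            entries[name] = str(data)
    return entries

def temp_launchers(entries):
    """Return (name, command) pairs whose command points into a Temp path."""
    hits = []
    for name, command in sorted(entries.items()):
        normalized = command.replace("/", "\\").lower()
        if any(marker in normalized for marker in TEMP_MARKERS):
            hits.append((name, command))
    return hits

if __name__ == "__main__":
    # On Windows this audits the live key; elsewhere it runs on the sample.
    entries = read_hkcu_run() if winreg else SAMPLE_RUN
    for name, command in temp_launchers(entries):
        print("review before deleting:", name, "->", command)
```

Legitimate installers and updaters sometimes start from Temp as well, so each listed value should be checked before it is deleted in Regedit.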

If you still have any problem getting rid of Marap, or have any doubt regarding this, feel free to ask our experts.
