
Backdoor.Win32.Lotok.dqo removal


Backdoor.Win32.Lotok.dqo is flagged as malicious by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Lotok.dqo virus do?

  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs

How to identify Backdoor.Win32.Lotok.dqo?

File Info:

crc32: BD44543C
md5: d243683f4bc6adf283de344e0f0ba6cb
name: D243683F4BC6ADF283DE344E0F0BA6CB.mlw
sha1: bd8815e4b8aedb7872ffbd8a2ab0162fcd727e18
sha256: 4e8987b5f7e1eec411334c12a660df296e36af7e2c4702ee050ab453c8da31aa
sha512: c1fbdff4ce22b85a563648854eee076697bc07d7625d337f69320cc99090846ebb1a8b13b570c12335bfeec7774a46b1cadb5b455a636fc43670c109ee974488
ssdeep: 12288:j7eohATdPF2Gp33V6K9gc3CnkcTXHWDGpHeI8lwYajtXhEDq66+qVhoYoSS:P0P5J3VU4CksHbp+ISnajtxoq66Bg
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: 耐克数据 版权所有
FileVersion: 3.4.0.0
CompanyName: 耐克数据
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 爆率调整工具
ProductVersion: 3.4.0.0
FileDescription: 爆率调整工具v3.4
Translation: 0x0804 0x04b0

Backdoor.Win32.Lotok.dqo also known as:

K7AntiVirus: Trojan ( 005246d51 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader30.39861
Cynet: Malicious (score: 100)
CAT-QuickHeal: Hacktool.Flystudio.16558
ALYac: Trojan.GenericKD.45387484
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Backdoor:Win32/Lotok.b95a0c45
K7GW: Trojan ( 00013a151 )
Cybereason: malicious.4b8aed
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Backdoor.Win32.Lotok.dqo
BitDefender: Trojan.GenericKD.45387484
NANO-Antivirus: Trojan.Win32.Lotok.ihxlyu
MicroWorld-eScan: Trojan.GenericKD.45387484
Ad-Aware: Trojan.GenericKD.45387484
Sophos: Mal/Generic-S (PUA)
Comodo: Packed.Win32.MUPX.Gen@24tbus
F-Secure: Backdoor.BDS/Redcap.wsjln
BitDefenderTheta: Gen:NN.ZexaF.34804.PmKfaKV@OJnb
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.d243683f4bc6adf2
Emsisoft: Trojan.GenericKD.45387484 (B)
SentinelOne: Static AI – Malicious PE
Avira: BDS/Redcap.wsjln
eGambit: Unsafe.AI_Score_99%
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D2B48EDC
AegisLab: Trojan.Multi.Generic.4!c
ZoneAlarm: Backdoor.Win32.Lotok.dqo
GData: Win32.Application.PUPStudio.A
Acronis: suspicious
McAfee: Artemis!D243683F4BC6
Malwarebytes: Malware.Heuristic.1003
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H0CAC21
Rising: Backdoor.Lotok!8.111D5 (CLOUD)
Yandex: Backdoor.Lotok!iem1dx4KSaA
Ikarus: Trojan.Win32.Crypt
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/Agent.65CA!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Backdoor.Win32.Lotok.dqo?

Backdoor.Win32.Lotok.dqo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
