How to remove “Backdoor.Win32.Mokes.ajwz”?

The Backdoor.Win32.Mokes.ajwz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Mokes.ajwz virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Network activity detected but not expressed in API logs

How to determine Backdoor.Win32.Mokes.ajwz?


File Info:
crc32: 4B72D48B
md5: 404d21f2e640f82d2e662ee67df9d76a
name: upload_file
sha1: 4225c7345117e39ccee4e2822a4db3662846d2dc
sha256: 1657dcfd4a8c2eb9278fb15367501830e79c727b53ce3a3c7cb23fdc14b0787d
sha512: 61364df9f857319098d732e6f18570189141e6af16a5dc0d8a317aa662f5bd5163dd96e7cc487ac70b825b68d3d6d5bf717993ba29c83b46f5b1a28bcf5e96e0
ssdeep: 24576:AyIYBezq0JEcxL/+JUmWKGW+wuhgAvAv3vzvTvTvTvTvTvTvTvTvTvTvTvTvTvTV:Aywu0Uri302pcgHd+X6M51NwvpVA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright:                                                                                                     
FileVersion:                     
CompanyName: Dpeams                                                      
Comments: This installation was built with Inno Setup.
ProductName: KASOL                                                       
ProductVersion: 7.45                                              
FileDescription: KASOL Setup                                                 
Translation: 0x0000 0x04b0

Backdoor.Win32.Mokes.ajwz also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43715106
CAT-QuickHeal	Trojan.Wacatac
McAfee	Artemis!404D21F2E640
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Trojan.GenericKD.43715106
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Symantec	SMG.Heur!gen
TrendMicro-HouseCall	TROJ_GEN.R002H0CHN20
Avast	Win32:Trojan-gen
Kaspersky	Backdoor.Win32.Mokes.ajwz
Alibaba	Backdoor:Win32/Mokes.37c076a4
NANO-Antivirus	Trojan.Win32.Mokes.hsncui
ViRobot	Trojan.Win32.Z.Mokes.1062937
AegisLab	Trojan.Win32.Mokes.m!c
Tencent	Win32.Backdoor.Mokes.Ozij
Ad-Aware	Trojan.GenericKD.43715106
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Dldr.Zurgop.ypauw
Invincea	Mal/Generic-S
Emsisoft	Trojan.GenericKD.43715106 (B)
Ikarus	Trojan.Dofoil
Jiangmin	Backdoor.Mokes.cnq
MaxSecure	Trojan.Malware.105527999.susgen
Avira	TR/Dldr.Zurgop.ypauw
Microsoft	Trojan:Win32/Ymacco.AA16
Arcabit	Trojan.Generic.D29B0A22
ZoneAlarm	Backdoor.Win32.Mokes.ajwz
GData	Trojan.GenericKD.43715106
AhnLab-V3	Trojan/Win32.Agent.R348617
BitDefenderTheta	Gen:NN.ZexaF.34216.mqW@a0c1MocG
ALYac	Trojan.GenericKD.43715106
MAX	malware (ai score=86)
VBA32	Backdoor.Mokes
Malwarebytes	Trojan.Dropper
Panda	Trj/CI.A
APEX	Malicious
ESET-NOD32	Win32/TrojanDownloader.Zurgop.DA
Fortinet	W32/Ursu.926483!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
Qihoo-360	Generic/HEUR/QVM42.3.566D.Malware.Gen

How to remove Backdoor.Win32.Mokes.ajwz?

Backdoor.Win32.Mokes.ajwz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X