How to remove “Backdoor.Win32.Yoddos”?

The Backdoor.Win32.Yoddos is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Yoddos virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Backdoor.Win32.Yoddos?


File Info:
name: AE7F93E6F4115E2B606F.mlw
path: /opt/CAPEv2/storage/binaries/c1e93ad578767b1eff29c77816d3063fa416ea10b829d327cda30c9b186701a6
crc32: 815FE2C4
md5: ae7f93e6f4115e2b606f21baab47fea8
sha1: c0ee0319e7312c751a9347b576e8fd688393a1b6
sha256: c1e93ad578767b1eff29c77816d3063fa416ea10b829d327cda30c9b186701a6
sha512: 7bbd04c88febe98c6d2fa6ed0dbca80fe3c574498ec575b99a0ff3c5c5a7a88afd40315f13147f212d5bea9e548ca3c0d531417a6a2f529a877f1a9ae8e9a991
ssdeep: 768:D+qDGBnwQmQx5ZzRqnE6HOO6w4xM7entpOdChArCgWgdj2EwTAi4HBu:Ck+EERqnE2ONvYktwdh+sCTQs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167248DE275568960D71222785401C2459C8EC749A338C3CBFBA6A6AFD62031BBFDCD79
sha3_384: 8acb557585633b002fb906a61e6a216e52efb69d822ef8f0f72e8d60e73ed332d04ca54490f4dd4d7b4731678d96c6e6
ep_bytes: 00000000000000000000000000000000
timestamp: 2017-10-15 03:39:59

Version Info:
0: [No Data]

Backdoor.Win32.Yoddos also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
FireEye	Generic.mg.ae7f93e6f4115e2b
Skyhigh	BehavesLike.Win32.Generic.dz
Malwarebytes	Backdoor.Padodor
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Yoddos.gen
Rising	Trojan.Generic@AI.100 (RDML:bDtlfRPrcGajIW6Z9XjOlA)
Sophos	ML/PE-A
Trapmine	malicious.high.ml.score
Google	Detected
Varist	W32/Agent.FTI.gen!Eldorado
Kingsoft	malware.kb.a.1000
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	HEUR:Backdoor.Win32.Yoddos.gen
GData	Win32.Trojan.Agent.7OM5BA
Cynet	Malicious (score: 100)
AhnLab-V3	Downloader/Win.Berbew.C5536052
McAfee	Artemis!AE7F93E6F411
DeepInstinct	MALICIOUS
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R03BH0CKC23
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Qukart.8979!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.9e7312
Avast	Win32:Evo-gen [Trj]

How to remove Backdoor.Win32.Yoddos?

Backdoor.Win32.Yoddos removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X