How to remove “Backdoor:Win32/Wabot”?

Malware Removal

The Backdoor:Win32/Wabot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Backdoor:Win32/Wabot virus can do?

  • The office file contains 2 macros
  • The office file contains a macro with auto execution
  • The office file contains a macro with suspicious strings

How to determine Backdoor:Win32/Wabot?


File Info:

crc32: DF0F9B0D
md5: fee8c1a550bcdb319b7cac1c45a7547a
name: upload_file
sha1: 0ff9eeefd3d389d8e4b6d5d4b6caff47755b2b64
sha256: 8e3c3e30a1582d6ec6ebd6a35334c4295e46aba8225fdeeb7d019acbc7d69350
sha512: f84378bc3461056d09acba2b5827c65e6016f7c9de54ea034c28164b63de6709fd8709a5cfdc2174afd7197655f0a356b8a969e2795c75c2a50371266f499bbf
ssdeep: 3072:/Msknok2er/yR5DpQKajNDu1CkBwN0pqJfWSI:zkoRoKDpQZqQkmN0scD
type: Microsoft Word 2007+

Version Info:

0: [No Data]

Backdoor:Win32/Wabot also known as:

Elasticmalicious (high confidence)
DrWebW97M.DownLoader.3053
MicroWorld-eScanVB.Heur.EmoDldr.31.E0968550.Gen
FireEyeVB.Heur.EmoDldr.31.E0968550.Gen
CAT-QuickHealO97M.Emotet.35803
McAfeeW97M/downloader.zze
SangforMalware
BitDefenderVB.Heur.EmoDldr.31.E0968550.Gen
InvinceaMal/DocDl-K
CyrenPP97M/Downldr
SymantecW97M.Downloader
TrendMicro-HouseCallTrojan.W97M.POWLOAD.SMAD
AvastVBA:Downloader-BLN [Trj]
ClamAVDoc.Downloader.Emotet-7163043-0
KasperskyHEUR:Trojan.Script.Generic
NANO-AntivirusTrojan.Script.Downloader.hrqanu
AegisLabTrojan.Script.Generic.4!c
TencentHeur:Trojan.Script.LS_Gencirc.7163910.0
Ad-AwareVB.Heur.EmoDldr.31.E0968550.Gen
TACHYONSuspicious/WOX.Obfus.Gen.8
SophosTroj/DocDl-VQY
ComodoMalware@#2ywk8bpko7dw9
F-SecureTrojan:W97M/AutorunMacro.D
TrendMicroTrojan.W97M.POWLOAD.SMAD
McAfee-GW-EditionBehavesLike.Downloader.cc
EmsisoftVB.Heur.EmoDldr.31.E0968550.Gen (B)
IkarusTrojan-Downloader.VBA.Agent
GDataMacro.Trojan-Downloader.Posh.Z@gen
AviraW2000M/Agent.9729916
Antiy-AVLTrojan[Downloader]/MSOffice.Agent.mkp
MicrosoftBackdoor:Win32/Wabot
ArcabitVB.Heur.EmoDldr.31.E0968550.Gen
ZoneAlarmHEUR:Trojan.Script.Generic
CynetMalicious (score: 85)
AhnLab-V3VBA/Downloader.S47
VBA32Trojan-Downloader.O97M.Obfuse.KK!MTB
MAXmalware (ai score=82)
ZonerProbably Heur.W97Obfuscated
ESET-NOD32multiple detections
RisingDownloader.Agent!8.B23 (TOPIS:E0:HCdsizkTbvK)
SentinelOneDFI – Malicious OPENXML
FortinetVBA/Agent.LXPRUMW!tr.dldr
AVGVBA:Downloader-BLN [Trj]
PandaO97M/Downloader
Qihoo-360virus.office.obfuscated.1

How to remove Backdoor:Win32/Wabot?

Backdoor:Win32/Wabot removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment