How to remove “Backdoor:Win32/Wabot!pz”?

The Backdoor:Win32/Wabot!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:Win32/Wabot!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Backdoor:Win32/Wabot!pz?


File Info:
name: 3EB2EF7AB461C3B2128F.mlw
path: /opt/CAPEv2/storage/binaries/16a41ac2c4cc2214b95c5d76972cb9bc85b99e016298401eb5def79fcf55244a
crc32: F467262F
md5: 3eb2ef7ab461c3b2128ff81acd8dc2ae
sha1: f3ea6d5404fa28730b7467416f6958e481840aa7
sha256: 16a41ac2c4cc2214b95c5d76972cb9bc85b99e016298401eb5def79fcf55244a
sha512: 3c40404062ccd3e1ad81d788d948a4f06ca2a71ea2535304d3b20f8d32311cbdb362506511d23dbc5ac957ec0fb9720887e0d240d9b93f2b49c661a14a80aeb4
ssdeep: 1536:/BJXDjGc9S7zsEXSWjFgNs5ZxT3mxoW/89wLf71Ri:5dDjGh7zzvFKsfV38LLzri
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DD43F1C2191D00F7C2411CB8935345F15A287C67A226AD87CFEA7F3F7CA199496C9BAC
sha3_384: be635894ff601d14a724b79e97954b127d600e00a9976be1a86476553df965f724a3e9593cb1f15524f1b8cff56116b1
ep_bytes: 57c7c772afb4df8d3d5fba581affcf0f
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Backdoor:Win32/Wabot!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Worm.Win32.Generic.o!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.ShellIni.dmYaa0HNRVpi
FireEye	Generic.mg.3eb2ef7ab461c3b2
Skyhigh	BehavesLike.Win32.Picsys.qc
McAfee	Artemis!3EB2EF7AB461
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Wabot.2dc11507
K7GW	Trojan ( 00129bd51 )
K7AntiVirus	Trojan ( 00129bd51 )
Arcabit	Trojan.ShellIni.dmYaa0HNRVpi
BitDefenderTheta	AI:Packer.079EF3211F
Symantec	SMG.Heur!gen
ESET-NOD32	a variant of Win32/Delf.NRF
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:Worm.Win32.Generic
BitDefender	Gen:Trojan.ShellIni.dmYaa0HNRVpi
Avast	Win32:Evo-gen [Trj]
Tencent	Trojan.Win32.Wabot.a
Emsisoft	Gen:Trojan.ShellIni.dmYaa0HNRVpi (B)
Baidu	Win32.Backdoor.Wabot.a
F-Secure	Dropper.DR/Delphi.Gen
DrWeb	Trojan.MulDrop6.64369
VIPRE	Gen:Trojan.ShellIni.dmYaa0HNRVpi
TrendMicro	Backdoor.Win32.WABOT.SMD
Sophos	Mal/Generic-S
Ikarus	Packer.Win32.PolyCrypt
Jiangmin	Worm.Generic.epv
Webroot	W32.Trojan.Gen
Varist	W32/Fujack.U
Avira	DR/Delphi.Gen
Antiy-AVL	Worm/Win32.Fujack.cr
Kingsoft	malware.kb.b.996
Xcitium	TrojWare.Win32.Spy.KeyLogger.~P@19qrg4
Microsoft	Backdoor:Win32/Wabot!pz
ViRobot	Backdoor.Win32.IRCBot.35288
ZoneAlarm	UDS:Worm.Win32.Generic
GData	Gen:Trojan.ShellIni.dmYaa0HNRVpi
Google	Detected
AhnLab-V3	Win32/MalPackedB.suspicious
VBA32	Backdoor.Wabot
ALYac	Gen:Trojan.ShellIni.dmYaa0HNRVpi
MAX	malware (ai score=84)
Malwarebytes	RiskWare.Agent.Keygen
Panda	Trj/Genetic.gen
Zoner	Probably Heur.ExeHeaderP
TrendMicro-HouseCall	Backdoor.Win32.WABOT.SMD
Rising	Backdoor.Wabot!8.31C (TFE:1:2SJGkiBDDYS)
Yandex	Worm.Delf!+dp79mw7Qg8
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Tiny.NQG!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.404fa2
DeepInstinct	MALICIOUS

How to remove Backdoor:Win32/Wabot!pz?

Backdoor:Win32/Wabot!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X