Doina.16547 removal instruction

Malware Removal

Doina.16547 is the name under which BitDefender and several engines built on its signatures (Gen:Variant.Doina.16547) detect this sample; most other vendors classify it as a trojan dropper or downloader. When the infection is active you may notice unfamiliar processes in Task Manager, often launched from an unexpected location. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Doina.16547 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug): the sample installs a top-level exception filter, a common trick to detect an attached debugger, which would swallow the exception before the filter sees it
  • YARA rule detections observed on a process memory dump, dropped files, or CAPE
  • Dynamic (imported) function loading detected: APIs are resolved at runtime (LoadLibrary/GetProcAddress style) instead of appearing in the static import table
  • Drops a binary and executes it, which matches the TrojanDropper and Downloader verdicts listed below
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid: the file carries a signature that does not verify, so the QVOD version information cannot be taken as proof of origin
  • Created a process from a suspicious location

How to identify Doina.16547?

File Info:

name: 231448CACB492BC1605A.mlw
path: /opt/CAPEv2/storage/binaries/3ae68c6d766b65873d4970023a62a6b9be94e6fef813ef79304f90e200442062
crc32: 4C1EAE5A
md5: 231448cacb492bc1605acf340427f527
sha1: 06ea6b5b3005b2a92e7361d8f2d0506b47736a4b
sha256: 3ae68c6d766b65873d4970023a62a6b9be94e6fef813ef79304f90e200442062
sha512: 421e6979a359d49e010402d8207cde82eddf4aef0d6c0fe8e8d88da2989c827428eb566e0dd562f965720c76873b6180b41a596cd2fc7293c589648704f2bb75
ssdeep: 6144:Q96v3UNIPcmmmRm4EG76adSNc/B9XgGJ2FNhCCCC+:Y6EmREGO8oc/B9Q/hCCCC+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D505AF1337E084B7DAC144369AA65BBBEFF6A2244E624543136CCE1C9F30FA1C53E51A
sha3_384: 89da170bee0acc95a3d197f121c060a03b53dc8a4422b0ed8865a0d895a48c580776d16eb7999eb1a6d3b83caf8aeeb8
ep_bytes: 558bec6aff68f0704000682034400064
timestamp: 2012-01-14 14:19:45

Version Info:

Comments:
CompanyName: Shenzhen QVOD Technology Co.,Ltd
FileDescription: QvodInstall Module
FileVersion: 4, 0, 4, 6
InternalName: QvodInstall.exe
LegalCopyright: Copyright(C) 2006-2012 QVOD
LegalTrademarks:
OriginalFilename: QvodInstall.exe
PrivateBuild:
ProductName: QvodInstall Module
ProductVersion: 4, 0, 4, 6
SpecialBuild:
Translation: 0x0409 0x0000
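The File Info and Version Info blocks above are the artifacts a responder can match a suspect file against. The script below is an added example for this page, not GridinSoft's tooling or CAPE's own code: it recomputes the listed digests, reads the bytes at the PE entry point by mapping AddressOfEntryPoint through the section table, and searches for the version strings in the UTF-16LE form VS_VERSIONINFO actually stores them in. The hashes, ep_bytes and strings are copied from the page; the function names and the fixture built by build_test_pe() are constructed for illustration only.

```python
#!/usr/bin/env python3
"""Match a file against the indicators listed above.

Added example for this page; it is not GridinSoft's tooling or CAPE's own
code. The hashes, entry-point bytes and version strings are copied from the
File Info and Version Info sections; the function names and the fixture built
by build_test_pe() are constructed for illustration only.
"""
import hashlib
import struct
import sys
import zlib
from typing import Dict, List, Optional

# Indicators copied from the File Info section (lowercased for comparison).
KNOWN_HASHES = {
    "crc32": "4c1eae5a",
    "md5": "231448cacb492bc1605acf340427f527",
    "sha1": "06ea6b5b3005b2a92e7361d8f2d0506b47736a4b",
    "sha256": "3ae68c6d766b65873d4970023a62a6b9be94e6fef813ef79304f90e200442062",
}
# ep_bytes from File Info. 55 8B EC 6A FF 68 .. 68 .. 64 is the generic MSVC
# SEH prologue, so only the two pushed addresses make this sample-specific.
EP_BYTES = bytes.fromhex("558bec6aff68f0704000682034400064")
# Version Info strings. VS_VERSIONINFO stores them as UTF-16LE, so a plain
# ASCII `strings` pass would miss them.
VERSION_STRINGS = ["QvodInstall.exe", "Shenzhen QVOD Technology Co.,Ltd"]


def file_hashes(data: bytes) -> Dict[str, str]:
    """Digests in the same form as the File Info block (lowercase hex)."""
    return {
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def entry_point_bytes(data: bytes, n: int = 16) -> Optional[bytes]:
    """Return n bytes at AddressOfEntryPoint of a PE32 file, or None.

    The RVA is mapped to a file offset through the section table; reading
    at the RVA directly is the usual mistake in pefile-free scripts.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # 0x10b = PE32
        return None
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)
            return data[off:off + n]
    return None


def version_strings_present(data: bytes) -> List[str]:
    """Which of the page's version strings occur in the file as UTF-16LE."""
    return [s for s in VERSION_STRINGS if s.encode("utf-16-le") in data]


def classify(data: bytes) -> Dict[str, object]:
    """Summarise all three checks for one file."""
    digests = file_hashes(data)
    return {
        "hash_match": [k for k, v in KNOWN_HASHES.items() if digests[k] == v],
        "ep_match": entry_point_bytes(data) == EP_BYTES,
        "version_strings": version_strings_present(data),
    }


def build_test_pe(ep: bytes, extra: bytes = b"") -> bytes:
    """Constructed fixture: a minimal, non-executable PE32 with one section
    whose raw data starts with `ep`. Only used to exercise the checks."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    body = (ep + extra).ljust(0x200, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000,
                       len(body), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(0x200, b"\0") + body


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    sample = open(path, "rb").read() if path else build_test_pe(EP_BYTES)
    for key, value in classify(sample).items():
        print(f"{key}: {value}")
```

Run it as `python3 check_doina.py suspect.exe`. A hash match is conclusive for this exact file; an ep_bytes or version-string match only says the file shares a build prologue or resource strings with it and should be treated as a lead, not a verdict, since a repacked or patched variant changes every hash while keeping both.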

Doina.16547 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader25.31573
MicroWorld-eScan: Gen:Variant.Doina.16547
FireEye: Generic.mg.231448cacb492bc1
CAT-QuickHeal: Trojan.IgenericRI.S27872755
ALYac: Gen:Variant.Doina.16547
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005203381 )
K7GW: Trojan ( 005203381 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34742.pqW@aqK0Hzhb
Cyren: W32/Rimod.A.gen!Eldorado
ESET-NOD32: Win32/TrojanDropper.Agent.PRE
TrendMicro-HouseCall: TROJ_DLDR.ITW
ClamAV: Win.Dropper.Genericrxeo-9849932-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Doina.16547
NANO-Antivirus: Trojan.Win32.Rimod.crgjki
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:Malware-gen
Rising: Trojan.DL.Win32.AVPlayer.a (CLASSIC)
Ad-Aware: Gen:Variant.Doina.16547
Emsisoft: Gen:Variant.Doina.16547 (B)
Comodo: TrojWare.Win32.Rimod.aj@4tvs05
Baidu: Win32.Trojan-Dropper.Agent.s
Zillya: Dropper.Agent.Win32.109622
TrendMicro: TROJ_DLDR.ITW
McAfee-GW-Edition: BehavesLike.Win32.Dropper.cz
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
Ikarus: Trojan-Dropper.Win32.Agent
GData: Gen:Variant.Doina.16547
Jiangmin: Trojan/Generic.ahrto
Webroot: W32.Downloader.Gen
Avira: TR/Rimod.AJ.1
MAX: malware (ai score=81)
Arcabit: Trojan.Doina.D40A3
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Downloader.R20670
McAfee: GenDownloader.oj
TACHYON: Trojan/W32.Agent.827680.B
VBA32: TrojanDownloader.Agent
Malwarebytes: Trojan.Dropper
APEX: Malicious
Tencent: Trojan.Win32.Qvod.kal
Yandex: Trojan.GenAsa!rD/75XOjNFg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Qvod.PRE!tr.dldr
AVG: Win32:Malware-gen
Cybereason: malicious.acb492
Panda: Trj/Genetic.gen

How to remove Doina.16547?

Doina.16547 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine“ all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that no process is running from an unexpected location: the sample drops and executes a second binary, so the dropped file has to be removed as well as the original installer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
