
Doina.16758 removal tips


Doina.16758 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Doina.16758 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify Doina.16758?

File Info:

name: E7A1F1E10FDC7A230A6D.mlw
path: /opt/CAPEv2/storage/binaries/9c2781878039688b000db64b25d406000ca6943505700ae5ae450d19247bd5cc
crc32: 1AFC0DA0
md5: e7a1f1e10fdc7a230a6d95ca33a77380
sha1: ddfbe901ffe4a358d997fde5592eeb2f8620ab3d
sha256: 9c2781878039688b000db64b25d406000ca6943505700ae5ae450d19247bd5cc
sha512: 41c567b5794532c8c708e420011c1cd56fb4829d946a03dbb8960877c37db47c9769832c5a002a395e8ae876b6b36effcee2fc88677c8a7aa6736f0c45b4ee33
ssdeep: 6144:KiCRZE8jenn9mY8tTBl2hF/PDABDXUqf7X9:KiCin9KtT32v/Pu7X9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A9445B00E640846BE877087698E6D77DBB687EE1074468D7A3C8BF191EB12E2773125F
sha3_384: c8dfabf88642748f39727c30458755f5d2ece0d605e008685ca3c4a364f81de11d04c0ac69966411e873693c10269d2b
ep_bytes: 558bec6aff68188b42006836fe410064
timestamp: 2017-09-30 11:43:10

Version Info:

Comments:
CompanyName: VirtualX Corporation
FileDescription: Graphics Acceleration Program
FileVersion: 6, 4, 0, 0
InternalName: GPU Helper
LegalCopyright:
LegalTrademarks:
OriginalFilename: Driver.exe
PrivateBuild:
ProductName: GPU Helper
ProductVersion: 6, 4, 0, 0
SpecialBuild:
Translation: 0x0804 0x04b0

Doina.16758 also known as:

MicroWorld-eScan: Gen:Variant.Doina.16758
FireEye: Generic.mg.e7a1f1e10fdc7a23
ALYac: Gen:Variant.Doina.16758
Cylance: Unsafe
VIPRE: Gen:Variant.Doina.16758
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005071551 )
K7GW: Trojan ( 005071551 )
Cybereason: malicious.1ffe4a
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Farfli.AFX
APEX: Malicious
ClamAV: Win.Malware.Farfli-9637592-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Doina.16758
NANO-Antivirus: Trojan.Win32.Farfli.etdlxi
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b44fbc
Ad-Aware: Gen:Variant.Doina.16758
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader25.42043
Zillya: Trojan.Farfli.Win32.30699
McAfee-GW-Edition: GenericRXDQ-NQ!E7A1F1E10FDC
Emsisoft: Gen:Variant.Doina.16758 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Doina.16758
Jiangmin: Trojan.Generic.hizbw
Avira: TR/Crypt.XPACK.Gen3
Arcabit: Trojan.Doina.D4176
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Farfli.C4208835
McAfee: GenericRXDQ-NQ!E7A1F1E10FDC
MAX: malware (ai score=84)
VBA32: Trojan.Downloader
Rising: Backdoor.Farfli!1.64D7 (CLASSIC)
Ikarus: Backdoor.Win32.Farfli
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Farfli.AJY!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.py2@aq@0Eofb
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Doina.16758?

Doina.16758 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
