Doina.7880 removal instruction

Malware Removal

Doina.7880 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Doina.7880 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Doina.7880?

File Info:

  • name: 761EF01CACF2DADC3989.mlw
  • path: /opt/CAPEv2/storage/binaries/a26df4f62ada084a596bf0f603691bc9c02024be98abec4a9872f0ff0085f940
  • crc32: 1D549B63
  • md5: 761ef01cacf2dadc39894bbf2b1497e0
  • sha1: 67239ae583a22be24416257c54b1136d46715086
  • sha256: a26df4f62ada084a596bf0f603691bc9c02024be98abec4a9872f0ff0085f940
  • sha512: fba0d21490dbf2a59e085fcf5f02c800e28bea4417cdf55239994413e45eabd8edd5b9e398e20b262723f7f9ff465d6684a096fe4f2a354baa06b3093bb3a49f
  • ssdeep: 768:tckGxsDeSf2Tay15ClvavN1BJFcWDc+bRGTohaGxb9b3:4Sf2T1Cpa19eicTohaG19b3
  • type: PE32 executable (GUI) Intel 80386, for MS Windows
  • tlsh: T162639F13BDF2C4B3E95242B005B54F769B3F76220F72AE4B7B48964A1E314B54E39247
  • sha3_384: 14d3f9385abb4b561e59e5eae7ed90b13943d2c4754bfc665fbf3a8de20aba6b3608ff7f911042b6ec16d7cd66db96de
  • ep_bytes: 558bec6aff687891400068a421400064
  • timestamp: 2018-03-15 13:08:38

Version Info:

  • Comments:
  • CompanyName: Microsoft Corporation
  • FileDescription: Windows Media Player Net Share Service
  • FileVersion: 12, 8, 0, 11
  • InternalName: wmpnetwk.exe
  • LegalCopyright:
  • LegalTrademarks:
  • OriginalFilename: wmpnetwk.exe
  • PrivateBuild:
  • ProductName: Windows Media Player Net Share Service
  • ProductVersion: 12, 8, 0, 11
  • SpecialBuild:
  • Translation: 0x0409 0x04b0

Note that this version information presents the file as Microsoft's Windows Media Player Net Share Service (wmpnetwk.exe), while the behavior list above reports that the Authenticode signature is invalid; the version resource is attacker-controlled text and should not be taken as proof of origin.

Doina.7880 also known as:

  • Lionic: Trojan.Win32.Generic.4!c
  • MicroWorld-eScan: Gen:Variant.Doina.7880
  • FireEye: Generic.mg.761ef01cacf2dadc
  • McAfee: Agent-FIY!761EF01CACF2
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Agent.8
  • K7AntiVirus: Trojan ( 005190ca1 )
  • Alibaba: Trojan:Win32/BScope.68ee5719
  • K7GW: Trojan ( 005190ca1 )
  • Cybereason: malicious.cacf2d
  • BitDefenderTheta: Gen:NN.ZexaF.34742.eq1@aqBeNOji
  • Cyren: W32/Agent.DQR.gen!Eldorado
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Agent.ZEM
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Doina.7880
  • NANO-Antivirus: Trojan.Win32.Graftor.hvfmwx
  • Avast: Win32:Malware-gen
  • Tencent: Win32.Trojan.Jaike.Afhu
  • Ad-Aware: Gen:Variant.Doina.7880
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#2i5i0tcp8guid
  • Zillya: Trojan.Agent.Win32.901300
  • TrendMicro: BKDR_PLEAD.ZKGH
  • McAfee-GW-Edition: Agent-FIY!761EF01CACF2
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Gen:Variant.Doina.7880 (B)
  • GData: Gen:Variant.Doina.7880
  • Jiangmin: Trojan.Generic.ejugt
  • Webroot: W32.Trojan.Plead
  • Avira: HEUR/AGEN.1246634
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Arcabit: Trojan.Doina.D1EC8
  • Microsoft: Trojan:Win32/Occamy.CA2
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Unwanted/Win32.Agent.C2561082
  • VBA32: BScope.Trojan.Tiggre
  • ALYac: Backdoor.Agent.Plead
  • MAX: malware (ai score=94)
  • TrendMicro-HouseCall: BKDR_PLEAD.ZKGH
  • Rising: Trojan.Generic@AI.82 (RDML:ywRotfGLTafENRxql9TtjQ)
  • Yandex: Trojan.GenAsa!BBZHVzBsD94
  • Ikarus: Backdoor.Win32.Farfli
  • MaxSecure: Trojan.Malware.74617821.susgen
  • Fortinet: W32/Agent.ZEM!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Doina.7880?

Doina.7880 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.