Categories: Malware

Doina.7880 removal instruction

The Doina.7880 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Doina.7880 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Doina.7880?


File Info:
name: 761EF01CACF2DADC3989.mlwpath: /opt/CAPEv2/storage/binaries/a26df4f62ada084a596bf0f603691bc9c02024be98abec4a9872f0ff0085f940crc32: 1D549B63md5: 761ef01cacf2dadc39894bbf2b1497e0sha1: 67239ae583a22be24416257c54b1136d46715086sha256: a26df4f62ada084a596bf0f603691bc9c02024be98abec4a9872f0ff0085f940sha512: fba0d21490dbf2a59e085fcf5f02c800e28bea4417cdf55239994413e45eabd8edd5b9e398e20b262723f7f9ff465d6684a096fe4f2a354baa06b3093bb3a49fssdeep: 768:tckGxsDeSf2Tay15ClvavN1BJFcWDc+bRGTohaGxb9b3:4Sf2T1Cpa19eicTohaG19b3type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T162639F13BDF2C4B3E95242B005B54F769B3F76220F72AE4B7B48964A1E314B54E39247sha3_384: 14d3f9385abb4b561e59e5eae7ed90b13943d2c4754bfc665fbf3a8de20aba6b3608ff7f911042b6ec16d7cd66db96deep_bytes: 558bec6aff687891400068a421400064timestamp: 2018-03-15 13:08:38
Version Info:
Comments: CompanyName: Microsoft CorporationFileDescription: Windows Media Player Net Share ServiceFileVersion: 12, 8, 0, 11InternalName: wmpnetwk.exeLegalCopyright: LegalTrademarks: OriginalFilename: wmpnetwk.exePrivateBuild: ProductName: Windows Media Player Net Share ServiceProductVersion: 12, 8, 0, 11SpecialBuild: Translation: 0x0409 0x04b0

Doina.7880 also known as:

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Gen:Variant.Doina.7880
FireEye	Generic.mg.761ef01cacf2dadc
McAfee	Agent-FIY!761EF01CACF2
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.8
K7AntiVirus	Trojan ( 005190ca1 )
Alibaba	Trojan:Win32/BScope.68ee5719
K7GW	Trojan ( 005190ca1 )
Cybereason	malicious.cacf2d
BitDefenderTheta	Gen:NN.ZexaF.34742.eq1@aqBeNOji
Cyren	W32/Agent.DQR.gen!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Agent.ZEM
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Doina.7880
NANO-Antivirus	Trojan.Win32.Graftor.hvfmwx
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Jaike.Afhu
Ad-Aware	Gen:Variant.Doina.7880
Sophos	Mal/Generic-S
Comodo	Malware@#2i5i0tcp8guid
Zillya	Trojan.Agent.Win32.901300
TrendMicro	BKDR_PLEAD.ZKGH
McAfee-GW-Edition	Agent-FIY!761EF01CACF2
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Doina.7880 (B)
GData	Gen:Variant.Doina.7880
Jiangmin	Trojan.Generic.ejugt
Webroot	W32.Trojan.Plead
Avira	HEUR/AGEN.1246634
Kingsoft	Win32.Troj.Undef.(kcloud)
Arcabit	Trojan.Doina.D1EC8
Microsoft	Trojan:Win32/Occamy.CA2
Cynet	Malicious (score: 99)
AhnLab-V3	Unwanted/Win32.Agent.C2561082
VBA32	BScope.Trojan.Tiggre
ALYac	Backdoor.Agent.Plead
MAX	malware (ai score=94)
TrendMicro-HouseCall	BKDR_PLEAD.ZKGH
Rising	Trojan.Generic@AI.82 (RDML:ywRotfGLTafENRxql9TtjQ)
Yandex	Trojan.GenAsa!BBZHVzBsD94
Ikarus	Backdoor.Win32.Farfli
MaxSecure	Trojan.Malware.74617821.susgen
Fortinet	W32/Agent.ZEM!tr
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)