Doina.993 removal guide

The Doina.993 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Doina.993 virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Creates a copy of itself
Modifies Image File Execution Options, indicative of process injection or persistence

How to determine Doina.993?


File Info:
name: 17937BC67747C996F2A1.mlw
path: /opt/CAPEv2/storage/binaries/159d8f498a60eb6cb83415f4c6fd03c253d6d22346f1c1633188d7a1220fcc23
crc32: 06EE10EF
md5: 17937bc67747c996f2a1da1758933bbf
sha1: c3e95f1d57cecbcbd8ecff0ce1379912504b4e1e
sha256: 159d8f498a60eb6cb83415f4c6fd03c253d6d22346f1c1633188d7a1220fcc23
sha512: f3960fcf5f7fef59b3564111ba21d56309857d305406dad79a3b368e96b01e0abf2476ca2265379a2cf105a5c715c3ccaa662287b5b56ac7fdfce300ea7b5f8f
ssdeep: 384:/FY7/aIUcmZO2Zp+Nye8pqrmub8TyztsDNq:/2uIUoKK8o8TyJcc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T182A27CE52A5254D0D83702B2CD899BFED3E228911AC6C20B336EE557E47394FBD993C4
sha3_384: ad87aa11f99a9c1b69aecb0195aa74002331723c15b310c7bd5c0dc60292b528b174221ec2fc382a19fad95c32453112
ep_bytes: 68ee4140006a00ff3534554000e8b20c
timestamp: 2008-09-03 15:38:59

Version Info:
0: [No Data]

Doina.993 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Doina.993
CAT-QuickHeal	Trojan.Mauvaise.SL1
Skyhigh	BehavesLike.Win32.QLowZones.mm
McAfee	QLowZones-43
Malwarebytes	Oberal.Trojan.Dropper.DDS
Zillya	Trojan.SmallGen.Win32.2
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.67747c
Arcabit	Trojan.Doina.993
VirIT	Trojan.Win32.Small.XXD
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Oberal.A
APEX	Malicious
ClamAV	Win.Malware.Fugrafa-9806497-0
Kaspersky	Trojan.Win32.Small.xxd
BitDefender	Gen:Variant.Doina.993
NANO-Antivirus	Trojan.Win32.Small.cnwqmt
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
Avast	Win32:Small-MHA [Trj]
Tencent	Trojan.Win32.Small.wa
Emsisoft	Gen:Variant.Doina.993 (B)
Google	Detected
F-Secure	Trojan.TR/ATRAPS.Gen
DrWeb	Trojan.LowZones.1019
VIPRE	Gen:Variant.Doina.993
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.17937bc67747c996
Sophos	ML/PE-A
Ikarus	Trojan.Win32.Small
Jiangmin	Trojan.Small.cos
Webroot	W32.Trojan.Gen
Varist	W32/Oberal.C.gen!Eldorado
Avira	TR/ATRAPS.Gen
Antiy-AVL	Trojan/Win32.Oberal.a
Kingsoft	malware.kb.a.1000
Xcitium	TrojWare.Win32.Small.~AB@25rnf
Microsoft	TrojanSpy:Win32/Small.M
ViRobot	Trojan.Win32.Small.17920.D
ZoneAlarm	Trojan.Win32.Small.xxd
GData	Gen:Variant.Doina.993
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Small.C4201305
Acronis	suspicious
BitDefenderTheta	AI:Packer.C900936B1F
MAX	malware (ai score=85)
VBA32	BScope.Trojan.LowZones
Cylance	unsafe
Panda	Trj/LowZones.UQ
TrendMicro-HouseCall	TROJ_SMALL_00000ae.TOMA
Rising	Trojan.Oberal!1.BDEF (CLASSIC)
Yandex	Trojan.GenAsa!jQc6LKUI3HA
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Oberal.A!tr
AVG	Win32:Small-MHA [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan:Win/small.I(dyn)

How to remove Doina.993?

Doina.993 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X