Downloader.Win32.OneClick removal guide

The Downloader.Win32.OneClick is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Downloader.Win32.OneClick virus can do?

A file was accessed within the Public folder.
Sample contains Overlay data
Reads data out of its own binary image
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Downloader.Win32.OneClick?


File Info:
name: 6C22A1C4B44882EC6535.mlw
path: /opt/CAPEv2/storage/binaries/1997ff8fdfbffa73fc0e71d05b56c1afe4d992a5c31a0b507c1d1cb995dece15
crc32: A981BB9A
md5: 6c22a1c4b44882ec6535bbd3016e6b7d
sha1: 590afbee98c582b9cfa5d64a035168e78a508467
sha256: 1997ff8fdfbffa73fc0e71d05b56c1afe4d992a5c31a0b507c1d1cb995dece15
sha512: 9de1f07b931fc9e808818eef8bf5175aa16f3fbefd5a8cf8d301ea7443061d28c309422f48cf727760d6045700653d44d79a9c8a4c27abb1df7f18ac40dcb436
ssdeep: 6144:/QquI6qsRjtdweIh0o7PTR+91bZRVoeHyD2Q1:UIkRpdShPTR+9joes2Q1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16F34123471C4CA6EE5521AB0C9FBDBA9F3F7CB1107209B572BA58FBE2D701938948581
sha3_384: dea204a263c6b59690d7000bf394be35adb35a24f508d01a25b93a772e57412960308bab50c4a7eb227c84a575528583
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:41

Version Info:
0: [No Data]

Downloader.Win32.OneClick also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.ltMX
Skyhigh	BehavesLike.Win32.Dropper.dc
McAfee	Artemis!6C22A1C4B448
Cylance	unsafe
Sangfor	Downloader.Win32.Oneclick.Vs3w
Alibaba	Downloader:Win32/OneClick.9d1a9e2e
Cybereason	malicious.e98c58
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	not-a-virus:HEUR:Downloader.Win32.OneClick.gen
Avast	Win32:Malware-gen
Sophos	Generic Reputation PUA (PUA)
Trapmine	malicious.high.ml.score
SentinelOne	Static AI – Suspicious PE
Antiy-AVL	GrayWare[Downloader]/Win32.Adload.gen
Kingsoft	malware.kb.a.984
ZoneAlarm	not-a-virus:HEUR:Downloader.Win32.OneClick.gen
VBA32	suspected of Trojan.Downloader.gen
TrendMicro-HouseCall	TROJ_GEN.R002H07I423
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_100% (W)

How to remove Downloader.Win32.OneClick?

Downloader.Win32.OneClick removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X