
How to remove “Downloader.Win32.Snojan.gvbp”?


Downloader.Win32.Snojan.gvbp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Downloader.Win32.Snojan.gvbp virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Anomalous binary characteristics

How to identify Downloader.Win32.Snojan.gvbp?

File Info:

name: C0D39FCB6752691118F8.mlw
path: /opt/CAPEv2/storage/binaries/084ffdaf89f431ef0227e986e2ba51f8cf06e3057f358a233d910d1c20d23f14
crc32: 0786956D
md5: c0d39fcb6752691118f8e38f7387edb6
sha1: 75dea124d3f4d8e0e7593ef59849c7becae84e44
sha256: 084ffdaf89f431ef0227e986e2ba51f8cf06e3057f358a233d910d1c20d23f14
sha512: c6fd67e9867d538a19ee144764619d4d7607b5ff73c59b61febf7f6b0227d04868ecd05167bcab72b721da93c931343ce38bdb5a74dcb209dfe03dcec9ce599c
ssdeep: 98304:wfZJzSUygHSSMUhLFl0gsd9FjpUv0E7DN9G6lKVVdUA4wMSd7:wJfXySMqCg2c00DNipMSd7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE06338014E43885F27CC8BC75548E9D95338D9483999664CCA3F5FE7A70AA297AF30F
sha3_384: e42c2f3a1ec74eb221dddb72ceaed2f18404050b9890364f734b27c288b733893f9df45fac641f8915d75fd334414e68
ep_bytes: 60be00304b008dbe00e0f4ff5783cdff
timestamp: 1970-01-10 03:09:52

Version Info:

CompanyName: Kingsoft Corporation
FileDescription: 新毒霸安装程序
FileVersion: 2014,01,03,8367
InternalName: kpacket
LegalCopyright: Copyright (C) 1998-2014 Kingsoft Corporation
OriginalFilename: kpacket.exe
ProductName: Kingsoft Internet Security
ProductVersion: 9,0,141509,8367
Translation: 0x0000 0x04b0

Downloader.Win32.Snojan.gvbp also known as:

Bkav: W32.AIDetect.malware2
McAfee: Artemis!C0D39FCB6752
Cylance: Unsafe
Sangfor: PUP.Win32.Snojan.gvbp
K7AntiVirus: Unwanted-Program ( 0056626f1 )
K7GW: Unwanted-Program ( 0056626f1 )
Cybereason: malicious.4d3f4d
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/KingSoft.L potentially unwanted
Paloalto: generic.ml
Kaspersky: not-a-virus:Downloader.Win32.Snojan.gvbp
McAfee-GW-Edition: BehavesLike.Win32.BadFile.wc
Sophos: Generic PUA HF (PUA)
Microsoft: Program:Win32/Uwamson.A!ml
Cynet: Malicious (score: 100)
VBA32: Downloader.Snojan
Malwarebytes: Malware.AI.4169049723
SentinelOne: Static AI – Malicious PE
Fortinet: Malicious_Behavior.SB

How to remove Downloader.Win32.Snojan.gvbp?

Downloader.Win32.Snojan.gvbp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
