MemScan:Trojan.Dorkbot.GD removal tips

MemScan:Trojan.Dorkbot.GD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MemScan:Trojan.Dorkbot.GD virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify MemScan:Trojan.Dorkbot.GD?

File Info:

name: E0128195BF40B2C63719.mlw
path: /opt/CAPEv2/storage/binaries/7272f85c3669e727dbd16a26d9d734b82ca0ecb134e61eefbf81b932ee82c4e6
crc32: 669F93DC
md5: e0128195bf40b2c6371901452927002f
sha1: 0bc3a645aa2a130e713ebf75c2e63af68ef2b47f
sha256: 7272f85c3669e727dbd16a26d9d734b82ca0ecb134e61eefbf81b932ee82c4e6
sha512: d2ecbb942ec2b2b9816ddd6df0a91cde95c4447548d9c3090704e31eeb49eabf9f101049c88d4d3850742d23883db871284f19fa4c425bd129c1354e58da65f8
ssdeep: 3072:BMmMcESH4efNoUjELJe2Vo4GhkEVDoHh2FmgyGnOo6EwBjn:BMmMcqeb0Je2VophFDoSvnOoz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172D3F28C821DCA19DA3A2DB94595331CE2262D7CB99D8FE3DC6DB3D0D2732096B71A50
sha3_384: e6aacdc7ba739a2eac1e7f58f1959e3a290333721fba9bfc2f69974a5b81e990abdb885317abdd2484bade9674ccf7ba
ep_bytes: 558bec6aff68e020400068701f400064
timestamp: 2008-10-03 10:15:19

Version Info:

FileDescription: Application
FileVersion: 1,0,0,0
InternalName: Application
LegalCopyright: Copyright (C) Application 2011
OriginalFilename: Application.exe
ProductName: Application
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04b0

MemScan:Trojan.Dorkbot.GD also known as:

Bkav: W32.AIDetect.malware1
Lionic: Heuristic.File.Generic.00×1!p
MicroWorld-eScan: MemScan:Trojan.Dorkbot.GD
ClamAV: Win.Trojan.Agent-531229
CAT-QuickHeal: W32.Virut.G
ALYac: MemScan:Trojan.Dorkbot.GD
Cylance: Unsafe
VIPRE: MemScan:Trojan.Dorkbot.GD
Sangfor: Suspicious.Win32.Save.ins
Cybereason: malicious.5bf40b
Arcabit: Trojan.Dorkbot.GD
VirIT: Win32.Scribble.Q
Cyren: W32/SpyEyes.C.gen!Eldorado
Symantec: Infostealer
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Dorkbot.A
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: MemScan:Trojan.Dorkbot.GD
NANO-Antivirus: Trojan.Win32.TrjGen.sonmy
SUPERAntiSpyware: Trojan.Agent/Gen-Dorkbot
Avast: Win32:Kryptik-BLY [Trj]
Ad-Aware: MemScan:Trojan.Dorkbot.GD
Emsisoft: MemScan:Trojan.Dorkbot.GD (B)
Comodo: Malware@#1capu7eof0zrb
DrWeb: Trojan.Inject.55244
Zillya: Worm.Dorkbot.Win32.130
TrendMicro: TSPY_DORKBOT_CA0803AF.TOMC
McAfee-GW-Edition: VBobfus.es
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.e0128195bf40b2c6
Sophos: ML/PE-A + Troj/Inject-STI
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Scar.ahjv
Webroot
Avira: TR/Dropper.Gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.A.Scar.134657
GData: MemScan:Trojan.Dorkbot.GD
Google: Detected
AhnLab-V3: Win32/Autorun2.worm.Gen
McAfee: VBobfus.es
MAX: malware (ai score=84)
VBA32: BScope.FakeAV.xd
Malwarebytes: Trojan.Agent.Generic
TrendMicro-HouseCall: TSPY_DORKBOT_CA0803AF.TOMC
Rising: Worm.Dorkbot!8.1B4 (TFE:5:gTFjTSwYp3E)
Yandex: Trojan.GenAsa!p3YnRnCYSg0
Ikarus: Backdoor.Win32.Poison
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/DorkBot.A!tr
BitDefenderTheta: AI:Packer.FDA7EC801F
AVG: Win32:Kryptik-BLY [Trj]
Panda: W32/IRCBot.DAS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove MemScan:Trojan.Dorkbot.GD?

MemScan:Trojan.Dorkbot.GD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
