Malware

ML/PE-A + Mal/Mdrop-Y removal

Malware Removal

The ML/PE-A + Mal/Mdrop-Y is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Mal/Mdrop-Y virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Created a service that was not started
  • Creates a slightly modified copy of itself

How to determine ML/PE-A + Mal/Mdrop-Y?



File Info:

crc32: 9743C626
md5: a0d97842f639643455ce07d2282f42c5
name: A0D97842F639643455CE07D2282F42C5.mlw
sha1: 3a6d373d9568cbfb219afbc4cde9e374b378dcd7
sha256: 8ac38b067851aa4e7f351a8e67724d915665995bcc3c586eaaa2dff489bf8c2c
sha512: 8aead79a7389b54ded6116f09df197550750b2bbc8c4756861e3e8247d810cb4ca7e74b0f824159ef0f2218f22cd8c5d5522df93d837b06be9dad5f90dfd92be
ssdeep: 1536:JcS4pN9WmCNWQNlc2oungOzp+edWTgLrppvqKlZUcNXUsmnj:JcnsNWiO25ngwUYaKEcWfj
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright(C) 2006-2009 QVOD
InternalName: QvodInstall.exe
FileVersion: 3, 0, 0, 0
CompanyName: Shenzhen QVOD Technology Co.,Ltd
ProductName: QvodInstall Module
ProductVersion: 3, 0, 0, 0
FileDescription: QvodInstall Module
OriginalFilename: QvodInstall.exe
Translation: 0x0409 0x04b0

ML/PE-A + Mal/Mdrop-Y also known as:

K7AntiVirusRiskware ( 0040eff71 )
Elasticmalicious (high confidence)
DrWebTrojan.Siggen2.7903
ClamAVWin.Virus.Wapomi-6725863-0
CAT-QuickHealExploit.ShellCode.Gen
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojan:Win32/Dorv.ea520735
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.2f6396
BaiduWin32.Virus.Virut.gen
CyrenW32/Trojan.XQUB-1353
SymantecW32.Wapomi
ESET-NOD32Win32/Virut.NBP
APEXMalicious
AvastWin32:Vitro [Inf]
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Win32.QVod.A
NANO-AntivirusTrojan.Win32.KillAV.vknvr
ViRobotTrojan.Win32.A.KillAV.57344
MicroWorld-eScanGen:Win32.QVod.A
TencentTrojan.Win32.KillAV.aad
Ad-AwareGen:Win32.QVod.A
SophosML/PE-A + Mal/Mdrop-Y
ComodoTrojWare.Win32.Agent.AFKL@4ntits
BitDefenderThetaGen:NN.ZexaF.34758.fC0baOpmpPhb
VIPRETrojan.Win32.KillAV.gym (v)
TrendMicroTROJ_AGENT_044860.TOMB
McAfee-GW-EditionBehavesLike.Win32.Ipamor.mc
FireEyeGeneric.mg.a0d97842f6396434
EmsisoftGen:Win32.QVod.A (B)
SentinelOneStatic AI – Malicious PE
JiangminWin32/Virut.bv
AviraTR/Dropper.Gen
eGambitUnsafe.AI_Score_99%
Antiy-AVLTrojan/Generic.ASMalwS.3A9444
MicrosoftTrojan:Win32/Dorv.A
SUPERAntiSpywareTrojan.Agent/Gen-Dropper
GDataGen:Win32.QVod.A
AhnLab-V3Trojan/Win32.Qvod.R2044
Acronissuspicious
VBA32Trojan.Dorv
MAXmalware (ai score=81)
MalwarebytesNimnul.Virus.FileInfector.DDS
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_AGENT_044860.TOMB
YandexTrojan.GenAsa!ucETNTo3YCA
IkarusTrojan-Dropper.Win32.Bototer
MaxSecureTrojan.W32.KillAV.GYM
FortinetW32/Generic.AC.10690!tr
AVGWin32:Vitro [Inf]
Paloaltogeneric.ml

How to remove ML/PE-A + Mal/Mdrop-Y?

ML/PE-A + Mal/Mdrop-Y removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment