Should I remove “Snow.Virus.FileInfector.DDS”?

Snow.Virus.FileInfector.DDS is the Malwarebytes detection name for a sample that nearly every major antivirus engine also flags, most of them as the W32/Snow file infector or as a generic Win32 trojan-dropper (see the alias list below). An active file infector does not just run as one unwanted process that you might notice in Task Manager; it modifies other executables on the disk, so legitimately named programs can start carrying the infection as well. If this detection appears, scan the whole computer with GridinSoft Anti-Malware rather than removing individual files by hand.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version performs a complete scan and cleans your PC.
A 6-day free trial is available.

What can Snow.Virus.FileInfector.DDS do?

  • A file was accessed within the Public folder.
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Installs WinPcap (a packet-capture driver)
  • Anomalous binary characteristics
  • Binary compilation timestomping detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

Read these sandbox (CAPE) findings together rather than one by one. The Chinese-language resources match the Sogou version information given below and are not suspicious on their own. What matters is the combination: the binary carries an Authenticode signature that no longer validates, which is consistent with a signed host executable that a file infector has modified after signing; its compile timestamp lies in the future (2033); it contains a section name the sandbox did not recognise, as packers typically add; and at run time it drops and executes another binary and installs WinPcap.

How to identify Snow.Virus.FileInfector.DDS?

File Info:

name: F765058F7D769FF0DADE.mlw
path: /opt/CAPEv2/storage/binaries/e8dd09bc0deb6bc907268c8970d961a3229dcb96dc87520a8ef19e116746a9f7
crc32: 043DD21A
md5: f765058f7d769ff0dade27f6ac8e6ccf
sha1: cf6337cfa1b72429aee3ec3cf5608c1509758064
sha256: e8dd09bc0deb6bc907268c8970d961a3229dcb96dc87520a8ef19e116746a9f7
sha512: 0de768cecdd01baaa34f41f3bf9cc0fef526e2daf4e6b421e5c2f38547247dcc9cba24bd21cafb7291694c0e00e5fcdd5aa2af12f2414d6978a8444a0c9e7b8f
ssdeep: 24576:5KJUOmJzGFIescuLPTIrtDmJT9/tiHgY0BYXr:BxGGBcKPTIYJT9FiHgYk6r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A3759E603282413DF6630AB4A9B99B76157FBC311B3884C7E3D43BAD29349C27A35776
sha3_384: 646c6ea4d9b2c73662d12e14a6c02054e67fcb0f4168d6838fb9172e2a22b6345e3420ecb3c7f879742db813dd6e4f55
ep_bytes: 558bec81ecd400000068fa3a4000e8bc
timestamp: 2033-07-01 00:44:03 (PE compile timestamp; a date in the future is a sign of timestomping)

Version Info:

CompanyName: Sogou.com Inc.
FileDescription: Sogou Input Method Extension Feature Manager (original: 搜狗输入法 扩展功能管理器)
FileVersion: 11.7.0.5464
InternalName: SogouIME Component Manager
LegalCopyright: © 2022 Sogou.com Inc. All rights reserved.
OriginalFilename: SogouComMgr.exe
ProductName: Sogou Input Method (original: 搜狗输入法)
ProductVersion: 11.7.0.5464
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified, PRC); codepage 0x04b0 = Unicode)

The version resource claims the file is SogouComMgr.exe from Sogou.com Inc. Version information is plain data inside the file and proves nothing by itself; because the Authenticode signature on this sample is invalid, the claim cannot be trusted, and the combination of a real vendor's metadata with a broken signature is exactly what a file infector leaves behind when it patches a legitimately signed program.
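The following script reproduces, offline, the static checks behind the file information in this section and several of the sandbox findings above (hashes, future compile timestamp, unrecognised section names, presence of an Authenticode certificate table, sha256 IOC match). It is added here as an example and is not the page's or GridinSoft's code. It uses only the Python standard library, so it parses the PE headers itself instead of relying on pefile. The PE image it builds for testing is constructed for the demonstration: its section names (including the non-standard ".xyz") and directory values are made up, and only the compile timestamp and the sha256 IOC are taken from this page. Treating the page's timestamp as UTC is an assumption, and "unusual section name" is a heuristic, not proof of packing.

```python
"""Static triage of a PE file for the indicators discussed on this page.

Reports file hashes, the COFF compile timestamp (flagging one in the future,
i.e. timestomping), section names outside the usual toolchain set, and whether
a Certificate Table (Authenticode) directory entry is present. It does not
validate the signature; that needs the certificate chain and is what CAPE's
"Authenticode signature is invalid" finding refers to.
"""
import hashlib
import struct
from datetime import datetime, timezone
from typing import Optional

# sha256 of the sample described on this page, used as a known-bad IOC.
KNOWN_BAD_SHA256 = {
    "e8dd09bc0deb6bc907268c8970d961a3229dcb96dc87520a8ef19e116746a9f7",
}

# Section names commonly emitted by MSVC/MinGW/Borland/Delphi toolchains.
# Assumption: anything outside this set is worth a look, not proof of packing.
COMMON_SECTIONS = {
    ".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".CRT", ".gfids", ".didat", "CODE", "DATA",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table index in the data directories


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, COFF header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start 96 bytes into the optional header
        dir_offset = opt + 96
    elif magic == 0x20B:    # PE32+: 112 bytes in
        dir_offset = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_rva, sec_size = struct.unpack_from(
        "<II", data, dir_offset + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt + opt_size
    sections = []
    for i in range(nsections):  # each IMAGE_SECTION_HEADER is 40 bytes, name first
        raw = data[sec_table + 40 * i: sec_table + 40 * i + 8]
        sections.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "characteristics": characteristics,
        "sections": sections,
        "has_security_dir": sec_rva != 0 and sec_size != 0,
    }


def hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the whole file, as listed in the File Info section."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def triage(data: bytes, now: Optional[datetime] = None) -> list:
    """Return human-readable findings for one PE image."""
    now = now or datetime.now(timezone.utc)
    info = parse_pe(data)
    h = hashes(data)
    findings = []
    if h["sha256"] in KNOWN_BAD_SHA256:
        findings.append("sha256 matches known-bad IOC")
    if info["timestamp"] > now:
        findings.append(f"compile timestamp in the future "
                        f"({info['timestamp']:%Y-%m-%d %H:%M:%S} UTC): timestomping")
    odd = [s for s in info["sections"] if s not in COMMON_SECTIONS]
    if odd:
        findings.append("unusual section names (possible packer): " + ", ".join(odd))
    findings.append("Authenticode certificate table present" if info["has_security_dir"]
                    else "no Authenticode signature")
    return findings


def build_sample_pe(timestamp: int, sections, signed: bool) -> bytes:
    """Constructed minimal PE32 image for offline testing; not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    if signed:  # made-up certificate table location, just so the entry is non-zero
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b"".join(name.encode().ljust(8, b"\0") + bytes(32) for name in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Timestamp from this page (2033-07-01 00:44:03), assumed to be UTC.
PAGE_TIMESTAMP = int(datetime(2033, 7, 1, 0, 44, 3, tzinfo=timezone.utc).timestamp())
# ".xyz" is a constructed non-standard section name, not one from the sample.
SAMPLE = build_sample_pe(PAGE_TIMESTAMP, [".text", ".rdata", ".data", ".rsrc", ".xyz"], signed=True)

if __name__ == "__main__":
    for k, v in hashes(SAMPLE).items():
        print(f"{k}: {v}")
    for line in triage(SAMPLE):
        print("-", line)
```

To run it against a real file, replace SAMPLE with the bytes read from disk; on the page's sample the script would report the IOC match, the 2033 timestamp and the certificate table, and the hashes would reproduce the values in the File Info section.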

Snow.Virus.FileInfector.DDS also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Trojan.Malware.Kz0bauIMOLhj
ClamAV: Win.Trojan.249624-1
FireEye: Generic.mg.f765058f7d769ff0
CAT-QuickHeal: W32.Snow.A
ALYac: Gen:Trojan.Malware.Kz0bauIMOLhj
Malwarebytes: Snow.Virus.FileInfector.DDS
Cybereason: malicious.f7d769
Cyren: W32/Sown.A
Symantec: W32.Snow.A
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Snow.A
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan-Dropper.Win32.Agent.ajy
BitDefender: Gen:Trojan.Malware.Kz0bauIMOLhj
NANO-Antivirus: Trojan.Win32.Agent.kbjc
Avast: Win32:Agent-LO [Trj]
Tencent: Virus.Win32.Snow.a
Emsisoft: Gen:Trojan.Malware.Kz0bauIMOLhj (B)
F-Secure: Malware.W32/Snow
DrWeb: Win32.Snow
VIPRE: Gen:Trojan.Malware.Kz0bauIMOLhj
TrendMicro: PE_SNOW.A
McAfee-GW-Edition: BehavesLike.Win32.Sality.th
Sophos: Mal/Generic-R
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Agent.qk
Avira: W32/Snow
Xcitium: TrojWare.Win32.TrojanDropper.Agent.ajy0@1eqrjt
Arcabit: Trojan.Malware.Kz0bauIMOLhj
ZoneAlarm: Trojan-Dropper.Win32.Agent.ajy
GData: Gen:Trojan.Malware.Kz0bauIMOLhj
Google: Detected
AhnLab-V3: Win32/Snow
McAfee: W32/Snow.a
MAX: malware (ai score=82)
VBA32: TrojanDropper.Agent
Cylance: unsafe
TrendMicro-HouseCall: PE_SNOW.A
Rising: Win32.SNOW.a (CLASSIC)
Yandex: Win32.Snow.A
Ikarus: Trojan.Patched
Fortinet: W32/SNOW.A
AVG: Win32:Agent-LO [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Snow.Virus.FileInfector.DDS?

Snow.Virus.FileInfector.DDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Because a file infector modifies other executables, run a second full scan after the restart to confirm that no patched programs remain.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
