What is “Spyware.Vidar”?

Spyware.Vidar is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period. A 6-day free trial is available.

What can the Spyware.Vidar virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Checks for the presence of known windows from debuggers and forensic tools
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique user agent.
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Collects information to fingerprint the system

Related domains:

klegrandlichgrum.com
ip-api.com

How to identify Spyware.Vidar?

File Info:

crc32: BB067C54
md5: c3defbd7fffd387d09be5347ec1a83a1
name: dor.exe
sha1: ebc54f115ef8f632c6b46e72fddab8c9ba383ff3
sha256: 189464e30cbebaec6a543baaf35c24a2d0f44143fc6992014c81780563c0984a
sha512: 1796986c67528a0d02149abee0f1548551db6708cdf8affd79b3019a30c66fdf37b11abd19e4b0c055b88d1f8caa6c316cf27f96466bb59672415f120f492383
ssdeep: 24576:E8DmVchRKPN6ESo+0JB2XIweCpI9Z2UBfVYhzZFQ4mB6tQJ:gARKPN6ESz0nw5pI9ZTfVIXQAqJ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2000 - 2014 KG and its Licensors
InternalName: Mrale Detectable
FileVersion: 5.7.4.7
CompanyName: NoVirusThanks Company Srl
LegalTrademarks: Copyright © 2000 - 2014 KG and its Licensors
Comments: Sculatr 2500 Aes
ProductName: Mrale Detectable
ProductVersion: 5.7.4.7
FileDescription: Sculatr 2500 Aes
Translation: 0x0409 0x04b0

Spyware.Vidar also known as:

MicroWorld-eScan: Trojan.GenericKD.41899419
FireEye: Generic.mg.c3defbd7fffd387d
CAT-QuickHeal: Trojan.Chapak
McAfee: Artemis!C3DEFBD7FFFD
Malwarebytes: Spyware.Vidar
Zillya: Trojan.Kryptik.Win32.1794435
Sangfor: Malware
K7AntiVirus: Trojan ( 00559c111 )
Alibaba: Trojan:Win32/Chapak.d8c8bbfe
K7GW: Trojan ( 00559c111 )
CrowdStrike: win/malicious_confidence_90% (W)
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZexaF.32519.mz0@aSC2ukhi
Symantec: Trojan.Gen.MBT
APEX: Malicious
Avast: Win32:Malware-gen
GData: Trojan.GenericKD.41899419
Kaspersky: Trojan.Win32.Chapak.eatw
BitDefender: Trojan.GenericKD.41899419
NANO-Antivirus: Trojan.Win32.Chapak.gdndpe
AegisLab: Trojan.Multi.Generic.4!c
Rising: Trojan.Generic@ML.83 (RDML:xkjjshEts+8//lcMJjLh/g)
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: Malware@#3v13sehq3v075
F-Secure: Trojan.TR/AD.MalwareCrypter.qbunp
DrWeb: Trojan.PWS.Stealer.24298
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R020C0WJH19
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Trojan.GenericKD.41899419 (B)
Ikarus: Trojan-Ransom.GandCrab
Cyren: W32/Trojan.DIWJ-1219
Webroot: W32.Chapak.Eatw
Avira: TR/AD.MalwareCrypter.qbunp
Antiy-AVL: Trojan/Win32.Chapak
Microsoft: Trojan:Win32/Casdet!rfn
Arcabit: Trojan.Generic.D27F559B
ZoneAlarm: Trojan.Win32.Chapak.eatw
AhnLab-V3: Trojan/Win32.Chapak.C3517361
Acronis: suspicious
ALYac: Trojan.Agent.Casur
MAX: malware (ai score=87)
Ad-Aware: Trojan.GenericKD.41899419
Cylance: Unsafe
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Injector.EIOZ
TrendMicro-HouseCall: TROJ_GEN.R020C0WJH19
Fortinet: W32/Chapak.EATW!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: HEUR/QVM10.2.91A3.Malware.Gen

How to remove Spyware.Vidar?

Spyware.Vidar removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
