Should I remove “Trojan-Downloader.Win32.Dofoil.bvyz”?

Trojan-Downloader.Win32.Dofoil.bvyz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Dofoil.bvyz virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Network activity detected but not expressed in API logs
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan-Downloader.Win32.Dofoil.bvyz?

File Info:

name: E819FC827203B1BC0AF0.mlw
path: /opt/CAPEv2/storage/binaries/9af4bb10a1008124bdbadab8447242ef0150d8e6cc1c3af47696b6cc8514dc61
crc32: 125AD226
md5: e819fc827203b1bc0af057896c395531
sha1: 784f6a6b4c919b4e7fa293f6cca4d28cd4b2f95f
sha256: 9af4bb10a1008124bdbadab8447242ef0150d8e6cc1c3af47696b6cc8514dc61
sha512: c78d8ef26b3d438312e77480ca48fe7d8c6a660c66f4f545b996895bb1dba892e25359166bf7b1c0ffe2cc9a55737e8316eab5627b7666f220adb0f6bf0025b0
ssdeep: 6144:opEDI3D6miDcnYLM4/ETe/trPF3SlfuptT/:1Dm6eQMCAeVQlf4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB646A11B381E431E27B013F19D4ABA6066BBD715B2184F773C0373B5A722F6961A36B
sha3_384: b69be726cf80693976918ec8d8b73c708f7343e5b0a2f9bef1d81aa9d205ff29be0fd22cbbac74507c9451a15a77818e
ep_bytes: e89a7d0000e9000000006a1468d8a942
timestamp: 2018-11-23 02:03:49

Version Info:

Comments: Functinal Loving
FileDescription: Functinal Loving
LegalCopyright: Copyright (c) 2006-2014 PGWARE LLC
FileVersion: 5.2.34.7
CompanyName: PGWARE LLC
ProductName: Center Lu
ProductVersion: 5.2.34.7
Translation: 0x0409 0x04b0

Trojan-Downloader.Win32.Dofoil.bvyz also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Dofoil.a!c
  • DrWeb: Trojan.PWS.Stealer.25227
  • MicroWorld-eScan: Gen:Heur.Mint.Zard.52
  • FireEye: Generic.mg.e819fc827203b1bc
  • McAfee: RDN/Generic Downloader.x
  • Cylance: Unsafe
  • Zillya: Downloader.Dofoil.Win32.4093
  • Sangfor: Trojan.Win32.Dofoil.bvyz
  • K7AntiVirus: Trojan-Downloader ( 0052b9881 )
  • Alibaba: TrojanDownloader:Win32/Dofoil.7b72d4b5
  • K7GW: Trojan-Downloader ( 0052b9881 )
  • Cybereason: malicious.27203b
  • BitDefenderTheta: Gen:NN.ZexaF.34294.sq0@aKAs!Nfi
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/Smokeloader.F
  • TrendMicro-HouseCall: Mal_MiliCry-1c
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Downloader.Win32.Dofoil.bvyz
  • BitDefender: Gen:Heur.Mint.Zard.52
  • NANO-Antivirus: Trojan.Win32.Dofoil.fkpkxj
  • Avast: Win32:Malware-gen
  • Ad-Aware: Gen:Heur.Mint.Zard.52
  • Emsisoft: Gen:Heur.Mint.Zard.52 (B)
  • Comodo: Malware@#1bqem39b93i1e
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Mal_MiliCry-1c
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.fh
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan-Spy.Remcos
  • GData: Gen:Heur.Mint.Zard.52
  • Jiangmin: TrojanDownloader.Dofoil.csa
  • Antiy-AVL: Trojan/Generic.ASMalwS.299D7D3
  • Kingsoft: Win32.TrojDownloader.Dofoil.bv.(kcloud)
  • Gridinsoft: Ransom.Win32.Occamy.sa
  • Arcabit: Trojan.Mint.Zard.52
  • Microsoft: Trojan:Win32/Occamy.C9A
  • AhnLab-V3: Trojan/Win32.Agent.C2851356
  • VBA32: BScope.TrojanRansom.Crypmod
  • ALYac: Gen:Heur.Mint.Zard.52
  • APEX: Malicious
  • Rising: Trojan.Generic@ML.91 (RDMK:7P6Sk5zZFq+1J/KYM6RJ3g)
  • Yandex: Trojan.DL.Dofoil!2u7xlcsJr9c
  • SentinelOne: Static AI – Suspicious PE
  • eGambit: Unsafe.AI_Score_99%
  • Fortinet: W32/Kryptik.GNCH!tr
  • Webroot: W32.Trojan.Gen
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan-Downloader.Win32.Dofoil.bvyz?

Trojan-Downloader.Win32.Dofoil.bvyz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.