Should I remove “Trojan-Downloader.Win32.Wauchos.pb”?

The Trojan-Downloader.Win32.Wauchos.pb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Downloader.Win32.Wauchos.pb virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Presents an Authenticode digital signature
Dynamic (imported) function loading detected
Authenticode signature is invalid
Unusual version info supplied for binary

How to determine Trojan-Downloader.Win32.Wauchos.pb?


File Info:
name: D03F203225AF0FEE2213.mlw
path: /opt/CAPEv2/storage/binaries/a297eeae3778bb30657ffa691555eb691210b9e0f57bf5f00d83965d755bb6bb
crc32: 3C51E878
md5: d03f203225af0fee2213146d92e16ce8
sha1: ef3bd26040ec64832d1359a63de65f4c5a617076
sha256: a297eeae3778bb30657ffa691555eb691210b9e0f57bf5f00d83965d755bb6bb
sha512: ca8e99d68ff34a8c7b2c737bab8ab4d78dd68aab1e3497a30260de29a5e9df5fce1bb6350001ccd022766d527d10615db638665dd4a423c619203b5cfda7efe1
ssdeep: 6144:XDRMxppSSVridF55EGOaJhaQXgFIaUHQWWiNLsqEIvooEE0Wgpgh3ohHhDGntOTR:XDGxppI1wQwFXQWiNx3oVu49WA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BEA4171267E85034F1B36B70AF7566B04BBABC616D75CE2E23C4490D09B2A81FD31B67
sha3_384: d11fc4dc578fa97f38712c1e4e8ff40461613c16bc4b2e20c4043d89d812f6abadf8b9232ebaedc427788cf558c12878
ep_bytes: e8ad650000e97ffeffffe90632000055
timestamp: 2013-10-05 04:40:50

Version Info:
CompanyName: 
FileDescription: Setup
FileVersion: 12.0.21005.1 built by: REL
InternalName: setup.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: setup.exe
ProductName: 
ProductVersion: 12.0.21005.1
Translation: 0x0409 0x04b0

Trojan-Downloader.Win32.Wauchos.pb also known as:

Lionic	Trojan.Win32.Wauchos.a!c
FireEye	Trojan.GenericKD.36951265
McAfee	Artemis!D03F203225AF
Alibaba	TrojanDownloader:Win32/Wauchos.63d10228
VirIT	Trojan.Win32.Generic.N
Cyren	W32/Trojan.BGUO-2676
Kaspersky	Trojan-Downloader.Win32.Wauchos.pb
BitDefender	Trojan.GenericKD.36951265
MicroWorld-eScan	Trojan.GenericKD.36951265
Avast	FileRepMetagen [Trj]
Ad-Aware	Trojan.GenericKD.36951265
McAfee-GW-Edition	Artemis
Emsisoft	Trojan.GenericKD.36951265 (B)
GData	Trojan.GenericKD.36951265
Kingsoft	Win32.Troj.Undef.(kcloud)
Arcabit	Trojan.Generic.D233D4E1
ZoneAlarm	Trojan-Downloader.Win32.Wauchos.pb
Microsoft	Trojan:Win32/Wacatac.B!ml
ALYac	Trojan.GenericKD.36951265
MAX	malware (ai score=80)
Cylance	Unsafe
Rising	Downloader.Wauchos!8.D9 (CLOUD)
MaxSecure	Trojan.Malware.74266474.susgen
Fortinet	W32/Wauchos.PB!tr.dldr
AVG	FileRepMetagen [Trj]
Panda	Trj/CI.A

How to remove Trojan-Downloader.Win32.Wauchos.pb?

Trojan-Downloader.Win32.Wauchos.pb removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X