Trojan.Win32.Gofot.exn removal tips

The Trojan.Win32.Gofot.exn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Gofot.exn virus can do?

Sample contains Overlay data
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Trojan.Win32.Gofot.exn?


File Info:
name: 01012294BF71094B1B10.mlw
path: /opt/CAPEv2/storage/binaries/7d36d9cf208060886e10b5650ce1b95933ac4445edf9a4d8215be94d1f6b703e
crc32: F65F86F8
md5: 01012294bf71094b1b1035201d21e115
sha1: 0fc449e9dd07c7b49aee51c968b48e7ba82217c3
sha256: 7d36d9cf208060886e10b5650ce1b95933ac4445edf9a4d8215be94d1f6b703e
sha512: 7b28bf87e9740a291500bc260c4bfa3f79990d32a8ad7557ea463ac3d5dc6f34dc4144d9000a8389734e499a193a95cffa94cfd1265defc7e7838f1d097c7a67
ssdeep: 6144:GxrlM4OUlFQUZ1316lG49T7dqGgRV5pLaeGHrIr1fjSTbaaQ:HGmUZ516lG4xdqjH9IOrkQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15FA43AD1B6DAA0F6DD8B297608226FFF7C635D701F07C9871291FA245B724A388364D8
sha3_384: 7916de311df5c31d6ba82fa38a08f33a19b519b03344cfe054c39abf4ad380f1af0a208f1d26e2e9d633e90da1911c7f
ep_bytes: 558bec6aff6898bb4300685629430064
timestamp: 1987-01-30 03:38:08

Version Info:
Comments: 
CompanyName: 北京暴风网际科技有限公司
FileDescription: 暴风影音媒体控制中心
FileVersion: 3, 8, 1, 13
InternalName: ccosm
LegalCopyright: 版权所有 (C) 2007 www.baofeng.com
LegalTrademarks: 
OriginalFilename: 
PrivateBuild: 
ProductName: 暴风影音媒体控制中心
ProductVersion: 3, 8, 1, 13
SpecialBuild: 
Translation: 0x0800 0x04b0

Trojan.Win32.Gofot.exn also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Gofot.4!c
Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Virut-27
CAT-QuickHeal	W32.Virut.D
Cylance	Unsafe
Zillya	Downloader.Genome.Win32.70480
K7AntiVirus	Virus ( 00001b761 )
Alibaba	Trojan:Win32/Gofot.50990145
K7GW	Virus ( 00001b761 )
CrowdStrike	win/malicious_confidence_70% (D)
VirIT	Trojan.Win32.DownLoad2.BXYI
Symantec	Trojan.Gen.6
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Gofot.exn
Avast	Win32:WrongInf-F [Susp]
Tencent	Win32.Trojan.Gofot.Aujl
TACHYON	Trojan/W32.Gofot.478120
McAfee-GW-Edition	BehavesLike.Win32.BadFile.gh
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.01012294bf71094b
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Malware.Gen
Avira	W32/Virut.Gen
Kingsoft	Win32.Infected.Virut.sr.(kcloud)
Microsoft	Trojan:Win32/Occamy.C
Google	Detected
VBA32	BScope.Trojan.Gofot
Malwarebytes	Malware.Heuristic.1001
Rising	Virus.Virut!8.44 (CLOUD)
Ikarus	Win32.Virut
MaxSecure	Trojan.Malware.77577245.susgen
BitDefenderTheta	Gen:NN.ZexaF.34784.Dq1@a8NQggnb
AVG	Win32:WrongInf-F [Susp]
Cybereason	malicious.9dd07c

How to remove Trojan.Win32.Gofot.exn?

Trojan.Win32.Gofot.exn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X