Trojan.Win32.Hesv.daqy removal guide

Trojan.Win32.Hesv.daqy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Hesv.daqy virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan.Win32.Hesv.daqy?

File Info:

crc32: 127A1E17
md5: 04b973f0a63f5e1f468ae7dadc9fc442
name: ms-word-print-multiple-documents-software_70.exe
sha1: cd8981266b32fca3d380690044b8ac007d11d4aa
sha256: 23707df4fdf703dc4102583cc3b930cf9179a5629690417cd639abcad91b5de9
sha512: 3f310826cfe00bcfe8d8987e67bcf8b648fcd90fe148abafeae868be05554b7002c9c302c593f8b8c981ac4e12afe3c4e9c9a6a4a13f5c78996f3088cf113bf4
ssdeep: 196608:aaCdva8NXkgra8jhV/DLs6yWiN4D1v3Jf2mbVGtFXW/moyifnqyVNfrqjG/zsy3/:aRdSQJa6fsmOc2mMXXBG/qy3qgRuKH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: Sobolsoft
Comments: This installation was built with Inno Setup.
ProductName: MS Word Print Multiple Documents Software
ProductVersion:
FileDescription: MS Word Print Multiple Documents Software Setup
Translation: 0x0000 0x04b0

Trojan.Win32.Hesv.daqy also known as:

McAfee: Artemis!04B973F0A63F
Cyren: W32/Trojan.RVFT-6839
Symantec: Trojan.Gen.2
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Hesv.daqy
Tencent: Win32.Trojan.Hesv.Fsb
Sophos: Generic PUA MP (PUA)
DrWeb: Trojan.DownLoader23.28868
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.wc
Trapmine: malicious.high.ml.score
Avira: TR/Hesv.vdzal
ZoneAlarm: Trojan.Win32.Hesv.daqy
Microsoft: Trojan:Win32/Bitrep.A
VBA32: Trojan.Hesv
Rising: Trojan.Hesv!8.EDB6 (CLOUD)
Yandex: Trojan.Hesv!
Ikarus: Trojan.Hesv
Fortinet: W32/Hesv.DAQY!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
Qihoo-360: Win32/Trojan.900

How to remove Trojan.Win32.Hesv.daqy?

Trojan.Win32.Hesv.daqy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Apply “Move to quarantine” to all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.