Trojan.Win32.Wofith.vho removal instruction

The Trojan.Win32.Wofith.vho is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Wofith.vho virus can do?

Executable code extraction
At least one process apparently crashed during execution
Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (6 unique times)
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
A potential decoy document was displayed to the user
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Harvests information related to installed mail clients

Related domains:

www.bing.com

ocsp.digicert.com

sr.symcd.com

crl.geotrust.com

How to determine Trojan.Win32.Wofith.vho?


File Info:
crc32: 3C0E47AF
md5: 91435aae64db056df9a9639b97f07f2d
name: 91435AAE64DB056DF9A9639B97F07F2D.mlw
sha1: 01fa52b3b6e6ab9551cd2292a96f7a0dcd740c4a
sha256: a7e5895c6cd023bd4c037e3b09c9448b5cee25ffeb697d46db062e4ea944d614
sha512: c1bdb2bdd15975ae7367d7692c8f83c108d1b0e4534c2f66464ff365a244708e6f45d775f62c0e10ae0cdfbb8f1ff60ec2c4efc08e6b5b192b8b372df39466ce
ssdeep: 3072:YjbLl/gvlDuK51Tj4mYWR/R4nkPR/1aVuyJjTvm8cJOD8WavRk2MfRFjpYJqR:YjlulDtnIo5R4nM/40yJHnc08WavHMFp
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
0: [No Data]

Trojan.Win32.Wofith.vho also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.70387
FireEye	Generic.mg.91435aae64db056d
ALYac	Trojan.GenericKDZ.70387
Malwarebytes	Worm.Agent
VIPRE	Worm.Win32.Agent.cp (v)
Sangfor	Malware
K7AntiVirus	Trojan ( 0051918e1 )
K7GW	Trojan ( 0051918e1 )
Cybereason	malicious.e64db0
Invincea	ML/PE-A + Troj/Agent-BFWE
Baidu	Win32.Worm.Agent.fj
Cyren	W32/Agent.BUP.gen!Eldorado
Symantec	W32.SillyWNSE
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Wofith.vho
BitDefender	Trojan.GenericKDZ.70387
NANO-Antivirus	Trojan.Win32.Wofith.hzygna
Tencent	Malware.Win32.Gencirc.10cdcd99
Ad-Aware	Trojan.GenericKDZ.70387
Emsisoft	Trojan.GenericKDZ.70387 (B)
DrWeb	Trojan.MulDrop15.57947
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Sophos	Troj/Agent-BFWE
SentinelOne	Static AI – Malicious PE
Jiangmin	Worm.Agent.ws
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Worm/Win32.Agent.cp
Gridinsoft	Trojan.Heur!.032120A9
Microsoft	Worm:Win32/Sfone
ZoneAlarm	HEUR:Trojan.Win32.Wofith.vho
GData	Trojan.GenericKDZ.70387
AhnLab-V3	Worm/Win32.Agent.R339926
Acronis	suspicious
MAX	malware (ai score=89)
VBA32	Worm.Agent
ESET-NOD32	a variant of Win32/Agent.CP
Rising	Worm.Agent!1.BDD2 (TFE:1:niTl4eHV7cB)
Yandex	Trojan.GenAsa!yTn6LLlAQA4
Ikarus	Worm.Win32.Agent
Fortinet	W32/Agent.6C6A!tr
BitDefenderTheta	AI:Packer.B502E4621E
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM18.1.5984.Malware.Gen

How to remove Trojan.Win32.Wofith.vho?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan.Win32.Wofith.vho removal instruction