Trojan.Win32.Wofith.vho removal instructions


Trojan.Win32.Wofith.vho is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Wofith.vho virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • A potential decoy document was displayed to the user
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Harvests information related to installed mail clients

Related domains:

www.bing.com
ocsp.digicert.com
sr.symcd.com
crl.geotrust.com

How to identify Trojan.Win32.Wofith.vho?

File Info:

crc32: 3C0E47AF
md5: 91435aae64db056df9a9639b97f07f2d
name: 91435AAE64DB056DF9A9639B97F07F2D.mlw
sha1: 01fa52b3b6e6ab9551cd2292a96f7a0dcd740c4a
sha256: a7e5895c6cd023bd4c037e3b09c9448b5cee25ffeb697d46db062e4ea944d614
sha512: c1bdb2bdd15975ae7367d7692c8f83c108d1b0e4534c2f66464ff365a244708e6f45d775f62c0e10ae0cdfbb8f1ff60ec2c4efc08e6b5b192b8b372df39466ce
ssdeep: 3072:YjbLl/gvlDuK51Tj4mYWR/R4nkPR/1aVuyJjTvm8cJOD8WavRk2MfRFjpYJqR:YjlulDtnIo5R4nM/40yJHnc08WavHMFp
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Trojan.Win32.Wofith.vho also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.70387
FireEye: Generic.mg.91435aae64db056d
ALYac: Trojan.GenericKDZ.70387
Malwarebytes: Worm.Agent
VIPRE: Worm.Win32.Agent.cp (v)
Sangfor: Malware
K7AntiVirus: Trojan ( 0051918e1 )
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.e64db0
Invincea: ML/PE-A + Troj/Agent-BFWE
Baidu: Win32.Worm.Agent.fj
Cyren: W32/Agent.BUP.gen!Eldorado
Symantec: W32.SillyWNSE
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Wofith.vho
BitDefender: Trojan.GenericKDZ.70387
NANO-Antivirus: Trojan.Win32.Wofith.hzygna
Tencent: Malware.Win32.Gencirc.10cdcd99
Ad-Aware: Trojan.GenericKDZ.70387
Emsisoft: Trojan.GenericKDZ.70387 (B)
DrWeb: Trojan.MulDrop15.57947
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Sophos: Troj/Agent-BFWE
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm.Agent.ws
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Worm/Win32.Agent.cp
Gridinsoft: Trojan.Heur!.032120A9
Microsoft: Worm:Win32/Sfone
ZoneAlarm: HEUR:Trojan.Win32.Wofith.vho
GData: Trojan.GenericKDZ.70387
AhnLab-V3: Worm/Win32.Agent.R339926
Acronis: suspicious
MAX: malware (ai score=89)
VBA32: Worm.Agent
ESET-NOD32: a variant of Win32/Agent.CP
Rising: Worm.Agent!1.BDD2 (TFE:1:niTl4eHV7cB)
Yandex: Trojan.GenAsa!yTn6LLlAQA4
Ikarus: Worm.Win32.Agent
Fortinet: W32/Agent.6C6A!tr
BitDefenderTheta: AI:Packer.B502E4621E
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM18.1.5984.Malware.Gen

How to remove Trojan.Win32.Wofith.vho?

Trojan.Win32.Wofith.vho removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
