
Trojan:AndroidOS/Multiverze removal guide


Trojan:AndroidOS/Multiverze is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:AndroidOS/Multiverze virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Japanese
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs

How to identify Trojan:AndroidOS/Multiverze?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright(c) 2001-2016 by pon software
InternalName: deczipW
FileVersion: 7.05
CompanyName: pon software
Comments:
ProductName: decode zip unicode version.
ProductVersion: 7.05
FileDescription: Win32 Zip Self-Extractor
OriginalFilename: deczipW.exe
Translation: 0x0000 0x04b0

Trojan:AndroidOS/Multiverze is also known as:

K7AntiVirus: Riskware ( 0040eff71 )
Lionic: Trojan.Win32.DiskWriter.4!c
Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.DiskWriter
McAfee: Artemis!208BD8A2B700
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.55090
Sangfor: Trojan.Win32.DiskWriter.ghi
Alibaba: Trojan:Win32/KillMBR.38c0b200
K7GW: Riskware ( 0040eff71 )
Cyren: W32/Trojan.KWSK-5377
Symantec: Trojan.Gen.MBT
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win64:Malware-gen
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.DiskWriter.ghi
BitDefender: Trojan.GenericKD.46731442
MicroWorld-eScan: Trojan.GenericKD.46731442
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0WHE21
McAfee-GW-Edition: RDN/Generic.dx
FireEye: Trojan.GenericKD.46731442
Emsisoft: Trojan.GenericKD.46731442 (B)
Webroot: W32.DiskWriter
Avira: TR/DiskWriter.vmdsk
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.344B857
Microsoft: Trojan:AndroidOS/Multiverze
GData: Trojan.GenericKD.37331387
AhnLab-V3: Trojan/Win.Generic.C4583918
VBA32: Trojan.DiskWriter
MAX: malware (ai score=88)
Malwarebytes: Malware.AI.1848494700
Panda: Trj/CI.A
Rising: Trojan.Generic@ML.92 (RDML:05TiNfbFleZiEk2TvaFw/g)
Yandex: Trojan.DiskWriter!REj/nUTAbBo
Fortinet: W32/DiskWriter.AG!tr
AVG: Win64:Malware-gen
Qihoo-360: Win32/Ransom.DiskWriter.HgIASZgA

How to remove Trojan:AndroidOS/Multiverze?

Trojan:AndroidOS/Multiverze removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
