TrojanDownloader:Win32/Dofoil!pz removal guide

TrojanDownloader:Win32/Dofoil!pz is Microsoft's detection name for a sample of the Dofoil downloader family: a trojan whose job is to fetch and run further payloads, which is why most vendors in the list below rate it as dangerous. When this infection is active you may notice unfamiliar processes in the Task Manager list, but note that the sample injects into other processes (see the behavioural section below), so its payload can also run under the name of a legitimate program. If you suspect it, scan the computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:Win32/Dofoil!pz virus do?

These are the behavioural and static signatures that CAPE Sandbox raised when the sample was analysed, with what each one means in practice:

  • Behavioural detection: Executable code extraction – unpacking: the process wrote code into memory and then executed it, i.e. the real payload is not present in the file on disk and is unpacked at runtime.
  • CAPE extracted potentially suspicious content: the sandbox dumped that unpacked code for further analysis.
  • The binary contains an unknown PE section name indicative of packing: the section table does not use the usual compiler names (.text, .data, .rsrc, ...), which is typical of packed files.
  • The binary likely contains encrypted or compressed data: high-entropy sections, consistent with a packed payload.
  • The executable is compressed using UPX: the packer is the open-source UPX; the ep_bytes in the File Info below are its decompression stub.
  • Authenticode signature is invalid: the file's Authenticode signature does not verify, so the RoboForm version information it carries (see Version Info below) cannot be trusted.
  • Behavioural detection: Injection (Process Hollowing): the sample starts a legitimate process in a suspended state, replaces its image in memory with the payload and resumes it, so the payload runs under a trustworthy process name.
  • Behavioural detection: Injection (inter-process): code or data was written into another process's address space.
  • CAPE detected the shellcode patterns malware family: CAPE's generic "detected the X malware family" message, here triggered by its shellcode-patterns rule on the injected or dumped memory.
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization: the disk enumeration keys under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum contain vendor strings (VBOX, VMware and the like) that give away an analysis VM, and malware reads them to decide whether to stay dormant.
  • Yara detections observed in process dumps, payloads or dropped files: YARA rules matched on the memory dumps or files the sample produced.

How to identify TrojanDownloader:Win32/Dofoil!pz?

File Info:

name: 49AA0456ADDC1AD3DED6.mlw
path: /opt/CAPEv2/storage/binaries/b4599e93b89fd7041de09b0b360fe05d28676a0641d3bf2d07e93baf65a8eecf
crc32: 3F10583F
md5: 49aa0456addc1ad3ded65dac48c47334
sha1: 9c4daa5c3314d2db99f0c1351c2c1614bd637610
sha256: b4599e93b89fd7041de09b0b360fe05d28676a0641d3bf2d07e93baf65a8eecf
sha512: 417f0302c49050162ca2db21efd96d0051573926139cc9c1da8383759771a96643e5f3cd088c05cc30b084e61a3183503648913dc2ac4b30cf3f6339d601d4c6
ssdeep: 1536:iGyfaI90d54sFz0cYEqbUcWm5JQaqtoO73zBkRAlbDUU0qXcIV:iGyfaq0wsFXdq115lcoO7zBkRAlbDUU6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CBA317F0F46BEE77F5C2403C6421A115C75B82B2EA569261F993F2EEA6F23507108C97
sha3_384: e60c16da163cf3ee781f15447c93ba2e3def7d54953158eda68c8aae5a6c0c355c09c6c650d3456e9e39c52165337728
ep_bytes: 60be008041008dbe0090feff5783cdff
timestamp: 2018-03-07 15:48:33

The path is the CAPEv2 binary store, which names files by their sha256. The ep_bytes are the first bytes at the entry point; 60 (pushad) followed by be (mov esi, imm32) and 8d be (lea edi, [esi+imm32]) is the standard UPX decompression stub, which is what the "compressed using UPX" verdict above is based on. The timestamp is the compile time stored in the PE header and can be forged, so treat it as a hint rather than a fact.

Version Info:

CompanyName: Siber Systems
FileDescription: RoboForm TaskBar Icon
FileVersion: 7-9-15-8
InternalName: RoboTaskBarIcon
Translation: 0x0000 0x04b0

The version resource claims the file is the RoboForm taskbar icon from Siber Systems. Version information is plain resource data that anyone can copy into a binary, and since the Authenticode signature on this file is invalid, the claim carries no weight: this is a masquerade, not a RoboForm component.
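
The following script is an added example, not code from the original page or from GridinSoft: it performs offline the checks behind the File Info block and the packing verdicts above. It recomputes the listed hashes, walks the PE section table for the UPX0/UPX1 names that trigger the "unknown PE section name" and "compressed using UPX" verdicts, and tests the entry point for the UPX stub encoded in the ep_bytes. All function names are the example's own, and build_test_pe() assembles a synthetic UPX-shaped PE32 so the script runs without the real sample; to triage a real file, pass its bytes to triage().

```python
"""Offline triage of a suspect PE against the indicators on this page.

Added example, not the page's or GridinSoft's code. The synthetic PE from
build_test_pe() is constructed for the demo and is not the real sample.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info block.
KNOWN_HASHES = {
    "md5": "49aa0456addc1ad3ded65dac48c47334",
    "sha1": "9c4daa5c3314d2db99f0c1351c2c1614bd637610",
    "sha256": "b4599e93b89fd7041de09b0b360fe05d28676a0641d3bf2d07e93baf65a8eecf",
}
SAMPLE_EP_BYTES = bytes.fromhex("60be008041008dbe0090feff5783cdff")
# Section names a normal compiler/linker emits; anything else deserves a look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT"}


def file_hashes(data: bytes) -> dict:
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def matched_hashes(data: bytes) -> list:
    """Names of the algorithms whose digest equals the listed IOC value."""
    digests = file_hashes(data)
    return [algo for algo, value in KNOWN_HASHES.items() if digests[algo] == value]


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header walk: compile timestamp, entry point RVA, section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, stamp, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"timestamp": stamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"])
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def looks_like_upx_stub(ep: bytes) -> bool:
    # pushad / mov esi, imm32 / lea edi, [esi+imm32]: the UPX decompressor prologue.
    return len(ep) >= 8 and ep[0] == 0x60 and ep[1] == 0xBE and ep[6:8] == b"\x8d\xbe"


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    ep = data[rva_to_offset(pe, pe["entry_rva"]):][:16]
    return {
        "matched_hashes": matched_hashes(data),
        "compile_time": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_stub_at_entry": looks_like_upx_stub(ep),
        "entry_bytes_match_sample": ep == SAMPLE_EP_BYTES,
    }


def build_test_pe() -> bytes:
    """Synthetic UPX-shaped PE32, constructed for this demo (not the real sample)."""
    entry_rva = 0x8000  # start of UPX1, where the stub is placed
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [(b"UPX0", 0x7000, 0x1000, 0, 0),
                (b"UPX1", 0x1000, 0x8000, 0x200, 0x200),
                (b".rsrc", 0x1000, 0x9000, 0, 0x400)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1520437713, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)      # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0xE0000020)
                     for n, vs, va, rs, rp in sections)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    image += b"\0" * (0x200 - len(image))
    image += SAMPLE_EP_BYTES + b"\0" * (0x200 - len(SAMPLE_EP_BYTES))
    return bytes(image)


if __name__ == "__main__":
    for key, value in triage(build_test_pe()).items():
        print("%-26s %s" % (key, value))
```

On a real file the hash match is the definitive check; the section-name and entry-stub checks are the ones that still fire when a repacked variant carries different hashes, which is the usual situation with downloaders that are rebuilt often.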

TrojanDownloader:Win32/Dofoil!pz is also known by these vendor names (vendor: detection):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.OnLineGames.lbtV
AVG: Win32:Generic-YP [Trj]
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Ransom.1344
FireEye: Generic.mg.49aa0456addc1ad3
CAT-QuickHeal: Trojan.DoFoil.S2448668
Skyhigh: BehavesLike.Win32.Generic.nc
ALYac: Gen:Variant.Ransom.1344
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Variant.Ransom.1344
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005297d11 )
K7GW: Trojan ( 005297d11 )
Cybereason: malicious.6addc1
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.CFGL
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Dofoil-6496117-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.1344
NANO-Antivirus: Trojan.Win32.Androm.eysbjx
Avast: Win32:Generic-YP [Trj]
Tencent: Malware.Win32.Gencirc.1158d083
TACHYON: Backdoor/W32.Androm.126976.AL
Sophos: Mal/Cerber-AL
F-Secure: Heuristic.HEUR/AGEN.1310232
DrWeb: Trojan.DownLoad4.6238
Zillya: Backdoor.Androm.Win32.66346
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ransom.1344 (B)
Ikarus: Trojan.Agent
Jiangmin: Backdoor.Androm.xlx
Varist: W32/Agent.DBO.gen!Eldorado
Avira: HEUR/AGEN.1310232
Antiy-AVL: Trojan[Downloader]/Win32.Dofoil
Kingsoft: malware.kb.b.964
Microsoft: TrojanDownloader:Win32/Dofoil!pz
Arcabit: Trojan.Ransom.D540
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.Dofoil.A
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C3353780
McAfee: Proxy-FBA!27511E472FB2
MAX: malware (ai score=83)
VBA32: BScope.TrojanRansom.Shade
Cylance: unsafe
Rising: Backdoor.Androm!8.113 (TFE:5:LZDlKITv0EB)
Yandex: Trojan.GenAsa!ur10lMRAZcE
SentinelOne: Static AI – Malicious PE
Fortinet: W32/GenKryptik.APNI!tr
BitDefenderTheta: Gen:NN.ZexaF.36802.fmKfayrxEIg
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan:Win/CerberCrypt.PB!MTB

Most of these are generic or heuristic verdicts (Kryptik, Generic, HEUR, machine-learning scores), and the Ransom, Cerber, Shade and Androm labels are cluster names shared with other packed families rather than an identification of this sample. The vendors that name a family (Microsoft, ClamAV, CAT-QuickHeal, Antiy-AVL, GData) agree on Dofoil, and DrWeb's DownLoad4 verdict matches the downloader role.

How to remove TrojanDownloader:Win32/Dofoil!pz?

TrojanDownloader:Win32/Dofoil!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

Because the sample is a downloader, quarantine everything the scan flags rather than only the file with the hashes listed above: the second-stage payloads it fetched are separate files with different hashes, and the injected copy of the payload only disappears once the host process is stopped, which the restart takes care of.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
