Trojan:O97M/Donoff!MSR removal guide

Many security experts consider Trojan:O97M/Donoff!MSR dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:O97M/Donoff!MSR virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs
  • Harvests information related to installed mail clients

How to identify Trojan:O97M/Donoff!MSR?


File Info:

crc32: DD0CEAAB
md5: 7c68cfe3c735782098888ffabc8d6e13
name: upload_file
sha1: 8da67457bd235de94c4b1340bafcf8fecca9a532
sha256: 1eb7ae49135e0c3fd1e802740e5658e52eef3a38bdacbf756a33100ff6bbaad5
sha512: ed0b41f741e946045fcf4b672dc71639933453f8146fd4e12d248373d8675552cf4ad643c951495267af3d0e8331f74f9d9045e8d398f7b62fa75c2a8dee5bac
ssdeep: 6144:0k3hOdsylKlgryzc4bNhZF+E+W2knJ+AqmFkM9lz2KE8hBdLVoo5z9Nn/FDC5GV:H5kMHq/8oo5ztOcVLEP9iYtHliEM9fG
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: DELL, Last Saved By: DELL, Create Time/Date: Thu Jul 30 10:02:56 2020, Last Saved Time/Date: Thu Jul 30 10:02:56 2020, Security: 0

Version Info:

0: [No Data]

Trojan:O97M/Donoff!MSR also known as:

MicroWorld-eScan    Trojan.GenericKD.34265961
FireEye             Trojan.GenericKD.34265961
AegisLab            Trojan.MSExcel.Generic.4!c
Symantec            Trojan.Gen.2
ESET-NOD32          VBA/TrojanDownloader.Agent.TXV
Avast               SNH:Script [Dropper]
GData               Generic.Trojan.Agent.S952XO
Kaspersky           HEUR:Trojan-Downloader.MSOffice.SLoad.gen
BitDefender         Trojan.GenericKD.34265961
Tencent             Heur.Macro.Generic.e.fec57f1b
Ad-Aware            Trojan.GenericKD.34265961
Sophos              Troj/DocDl-AABN
F-Secure            Malware.VBA/Dldr.Agent.xxknu
Emsisoft            Trojan.GenericKD.34265961 (B)
Ikarus              Trojan-Downloader.VBA.Agent
Avira               VBA/Dldr.Agent.xxknu
Endgame             malicious (high confidence)
Arcabit             HEUR.VBA.Trojan.d
ZoneAlarm           HEUR:Trojan-Downloader.MSOffice.SLoad.gen
Microsoft           Trojan:O97M/Donoff!MSR
ALYac               Trojan.GenericKD.34265961
TACHYON             Suspicious/X97M.Downloader.Gen
Rising              Downloader.Agent/VBA!1.C970 (CLASSIC)
SentinelOne         DFI – Suspicious OLE
Fortinet            VBA/Agent.GAK!tr.dldr
AVG                 SNH:Script [Dropper]
Qihoo-360           Generic/Trojan.Downloader.3f4

How to remove Trojan:O97M/Donoff!MSR?

Trojan:O97M/Donoff!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
