About “Trojan:Win32/Doina.GME!MTB” infection

The Trojan:Win32/Doina.GME!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Doina.GME!MTB virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:Win32/Doina.GME!MTB?


File Info:
name: 68A7352534756FA237FE.mlw
path: /opt/CAPEv2/storage/binaries/2adfa5b173ca39362f76e64bb43010d0a93b3e5eddf4027cdc3734b70861211a
crc32: 4BDAE7B7
md5: 68a7352534756fa237fedb24f5a48a5d
sha1: a15f04e6059ab8fa38f8e0d3f3db97cb4f5ca7ee
sha256: 2adfa5b173ca39362f76e64bb43010d0a93b3e5eddf4027cdc3734b70861211a
sha512: 4e70da3724d3b37b69a7a7c9dfc165edfa8187880aee629575aba37756d97ed40a0fd69c06ce5f764a2f3ee1f84d20e23e9be33cf0b5fb5bdd489414fe115ed3
ssdeep: 49152:hjz+q2uPWDC/Zm5ta4DOHqyB8HRLImNiUhRBo6m3nW6Ah:BzwLDC/ZN4qHqyB8HRDbhPliW6A
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T191C5BF23F983C023E6AE8132C5BE5FB555AD9C324F2184E392C81E353EA15D25A357DB
sha3_384: b333776c4b93640e75a99647c9df9c9a33a7731d0cfe540fc5d41831bce4bf5ab204c424a99ffe0b6ea7693e93864ed9
ep_bytes: 558bec837d0c017505e83a020000ff75
timestamp: 2020-10-20 03:11:45

Version Info:
Comments: http://icu-project.org
CompanyName: The ICU Project
FileDescription: ICU Common DLL
FileVersion: 67, 1, 0, 0
LegalCopyright:  Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html 
OriginalFilename: icuuc67.dll
PrivateBuild: 
ProductName: International Components for Unicode
ProductVersion:  Build 12.0
CommitID: 0
SpecialBuild: gautam
Translation: 0x0000 0x0000

Trojan:Win32/Doina.GME!MTB also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Mint.Zard.5
FireEye	Generic.mg.68a7352534756fa2
Skyhigh	BehavesLike.Win32.Ransom.vc
McAfee	GenericRXAA-AA!68A735253475
Malwarebytes	Trojan.Patched
VIPRE	Gen:Variant.Mint.Zard.5
Sangfor	Trojan.Win32.Patched.Vy33
K7AntiVirus	Trojan ( 005ab4bf1 )
K7GW	Trojan ( 005ab4bf1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Patched.NKM
Kaspersky	Virus.Win32.Senoval.a
BitDefender	Gen:Variant.Mint.Zard.5
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:Patched-AWW [Trj]
Tencent	Trojan.Win32.Pathced_ya.16001052
Emsisoft	Gen:Variant.Mint.Zard.5 (B)
Google	Detected
F-Secure	Trojan.TR/Patched.Gen
DrWeb	Win32.Beetle.3
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
Varist	W32/Patched.GQ1.gen!Eldorado
Avira	TR/Patched.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win32.Patched
Microsoft	Trojan:Win32/Doina.GME!MTB
Arcabit	Trojan.Mint.Zard.5
ZoneAlarm	Virus.Win32.Senoval.a
GData	Gen:Variant.Mint.Zard.5
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5485599
ALYac	Gen:Variant.Mint.Zard.5
VBA32	BScope.TrojanDownloader.Emotet
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Generic@AI.100 (RDML:B923fxOS309ALfUk2s4oOQ)
Ikarus	Trojan.Win32.Patched
Fortinet	W32/Patched.IP!tr
AVG	Win32:Patched-AWW [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Doina.GME!MTB?

Trojan:Win32/Doina.GME!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X