Trojan:Win32/Doina.RPX!MTB information

Trojan:Win32/Doina.RPX!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Doina.RPX!MTB virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid.

How to identify Trojan:Win32/Doina.RPX!MTB?


File Info:

name: 52F8651D8384288008B0.mlw
path: /opt/CAPEv2/storage/binaries/39ef77ab15c9f4a8ea1b2caaa498f2b2a8f38819fea5597d731ecca7c43fec37
crc32: C787EB13
md5: 52f8651d8384288008b0ce572c00fbfb
sha1: 35eadab65e3d07dd3c85cf84a88b0806ef933109
sha256: 39ef77ab15c9f4a8ea1b2caaa498f2b2a8f38819fea5597d731ecca7c43fec37
sha512: 99cb3bd592fe5923f877f05a2dcc556bf3b64e49b4d012b57aab4a9e31f8eb8e327102806c90d0307824cee96c54fa1d0dc355707b9bf4f55ee35340782c131c
ssdeep: 6144:Ir9NwOx9UbAbRuvpmnJ6nwAEn36Jpdv/J+4TD:+UcbRkp6PNqtvhJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E44F1077AE0853EFAFBE5F17DB18B3C4A7BB4154F58421B13BA53090DBAA028564B17
sha3_384: 51f44a8da7dd08c71ebc160c70fb3c208b97aac417ad8d03f46d77ebba6f67d9d60f78db2d353b92c96971bf6cd15961
ep_bytes: e834f7ffffe96bfdffffff258c814000
timestamp: 2019-12-11 08:01:20

Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 11.241.2.07
Full Version: 11.241.2.07
InternalName: Java SSV Agent Process
LegalCopyright: Copyright © 2019
OriginalFilename: ssvagent.exe
ProductName: Java(TM) Platform SE 8 U241
ProductVersion: 8.0.2410.7
Translation: 0x0000 0x04b0

Trojan:Win32/Doina.RPX!MTB also known as:

Bkav: W32.AIDetectMalware
DrWeb: Win32.HLLP.Siggen.57
MicroWorld-eScan: Gen:Variant.Doina.63202
FireEye: Generic.mg.52f8651d83842880
Malwarebytes: Malware.AI.1300390238
Sangfor: Suspicious.Win32.Save.a
Cybereason: malicious.65e3d0
Cyren: W32/Doina.AK.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.GNOL
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Doina.63202
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Malware-gen
Emsisoft: Gen:Variant.Doina.63202 (B)
VIPRE: Gen:Variant.Doina.63202
McAfee-GW-Edition: BehavesLike.Win32.Expiro.dc
Trapmine: malicious.moderate.ml.score
GData: Gen:Variant.Doina.63202
Antiy-AVL: GrayWare/Win32.Wacapew
Arcabit: Trojan.Doina.DF6E2
Microsoft: Trojan:Win32/Doina.RPX!MTB
Google: Detected
AhnLab-V3: Malware/Win.Generic.R604299
VBA32: BScope.Trojan.Meterpreter
ALYac: Gen:Variant.Doina.63202
MAX: malware (ai score=87)
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:0VZ/SBBBaXavW8m4uMnbLg)
Fortinet: W32/Patched.IP!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Trojan:Win32/Doina.RPX!MTB?

Trojan:Win32/Doina.RPX!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.