Trojan:Win32/Doina!pz removal tips

Trojan:Win32/Doina!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Doina!pz virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Doina!pz?

File Info:

name: BE35B5F972455B6DDF74.mlw
path: /opt/CAPEv2/storage/binaries/74444162856daa279eb86fd9b9daa33fc0b2c2792338a64032999102e55ae723
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2023-09-11 18:11:32

Version Info:

FileDescription: ANGLE libGLESv2 Dynamic Link Library
FileVersion: 2.1.19735 git hash: 6784271c1c62
InternalName: libGLESv2
LegalCopyright: Copyright (C) 2015 Google Inc.
OriginalFilename: libGLESv2.dll
PrivateBuild: 2.1.19735 git hash: 6784271c1c62
ProductName: ANGLE libGLESv2 Dynamic Link Library
ProductVersion: 2.1.19735 git hash: 6784271c1c62
Comments: Build Date: 2023-07-20 16:31:09 -0400
Translation: 0x0409 0x04b0

Trojan:Win32/Doina!pz also known as:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Senoval.n!c
Elastic: malicious (high confidence)
DrWeb: Win32.Beetle.2
MicroWorld-eScan: Gen:Variant.Mint.Zard.5
Skyhigh: Artemis!Trojan
McAfee: Artemis!BE35B5F97245
K7AntiVirus: Trojan ( 005ab4bf1 )
K7GW: Trojan ( 005ab4bf1 )
Symantec: Trojan.Gen.6
ESET-NOD32: a variant of Win32/Patched.NKM
Cynet: Malicious (score: 99)
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Mint.Zard.5
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Patched-AWW [Trj]
Tencent: Trojan.Win32.Pathced_ya.16001052
Emsisoft: Gen:Variant.Mint.Zard.5 (B)
F-Secure: Trojan.TR/Patched.Gen
VIPRE: Gen:Variant.Mint.Zard.5
FireEye: Gen:Variant.Mint.Zard.5
Sophos: W32/Patched-CD
GData: Gen:Variant.Mint.Zard.5
Google: Detected
Avira: TR/Patched.Gen
MAX: malware (ai score=88)
Arcabit: Trojan.Mint.Zard.5
ZoneAlarm: Virus.Win32.Senoval.a
Microsoft: Trojan:Win32/Doina!pz
VBA32: BScope.Trojan.Meterpreter
ALYac: Gen:Variant.Mint.Zard.5
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:rGZBeof/upLVOhxaewZB8Q)
Ikarus: Trojan.Win32.Patched
Fortinet: W32/Patched.IP!tr
AVG: Win32:Patched-AWW [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Doina!pz?

Trojan:Win32/Doina!pz removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.