Trojan:Win32/Dorv.C!rfn (file analysis)

The Trojan:Win32/Dorv.C!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Dorv.C!rfn virus can do?

Network activity detected but not expressed in API logs

How to determine Trojan:Win32/Dorv.C!rfn?


File Info:
crc32: FF1F20EC
md5: bbfe021c880c6fb1fd39d042339e6d73
name: BBFE021C880C6FB1FD39D042339E6D73.mlw
sha1: 243b5be034516d5537af9f42fa3e62aedb54396f
sha256: 7b9f86c296625006d0d6347f40e7e824a537b112b9a788c95f638bd022334729
sha512: 44c227739ad81cbb1b455d5fb8ff7551c51a88e8023fe32bef1a77e0e1cdb8206a80d8c97fc1119abcead185ef3e7737e33ae690e3a58edaeb2092ca37461245
ssdeep: 6144:Nv0bAyEvLE9Wwn6PHd0HmsZUiojOoPtu/90iKXat1AI7v:F01EvL4jY0HeNo/uiKqbN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (c) 1999-2013 Cortado AG
InternalName: TPAutoConnect
FileVersion: 8,8,774,1
CompanyName: C   o rtado AG
ProductName: TPAutoConnect
ProductVersion: 8,8,774,1
FileDescription: ThinPrint AutoConnect component
OriginalFilename: TPAutoConnect.exe
Translation: 0x0409 0x04b0

Trojan:Win32/Dorv.C!rfn also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Ransom.Cerber.1
FireEye	Generic.mg.bbfe021c880c6fb1
CAT-QuickHeal	Ransom.Cerber.YY4
McAfee	GenericRXDI-GG!BBFE021C880C
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Generic.4!c
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004f87f21 )
BitDefender	Trojan.Ransom.Cerber.1
K7GW	Trojan ( 004f87f21 )
Cybereason	malicious.c880c6
BitDefenderTheta	Gen:NN.ZexaF.34590.Cq1@aS8Si5Bi
Cyren	W32/S-3e1d46f2!Eldorado
Symantec	Packed.Generic.459
ESET-NOD32	Win32/Filecoder.Cerber.B
Baidu	Win32.Trojan.Cerber.h
APEX	Malicious
Avast	Win32:Filecoder-BG [Trj]
ClamAV	Win.Ransomware.Razy-7997331-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Cerber.2495c986
NANO-Antivirus	Trojan.Win32.Encoder.evdbmt
Tencent	Malware.Win32.Gencirc.10b558b4
Ad-Aware	Trojan.Ransom.Cerber.1
Emsisoft	Trojan.Ransom.Cerber.1 (B)
Comodo	TrojWare.Win32.Kryptik.ERJ@6l0vie
F-Secure	Heuristic.HEUR/AGEN.1121406
DrWeb	Trojan.Encoder.4691
Zillya	Trojan.Zerber.Win32.301
TrendMicro	Ransom_HPCERBER.SM30
McAfee-GW-Edition	GenericRXDI-GG!BBFE021C880C
Sophos	ML/PE-A + Mal/Cerber-B
Ikarus	Trojan.Crypt
Jiangmin	Trojan.Zerber.vb
Avira	HEUR/AGEN.1121406
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.Zerber
Microsoft	Trojan:Win32/Dorv.C!rfn
Arcabit	Trojan.Ransom.Cerber.1
AhnLab-V3	Win-Trojan/Cerber.Gen
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Ransom.Cerber.1
Cynet	Malicious (score: 100)
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
ALYac	Trojan.Ransom.Cerber.1
Malwarebytes	Malware.AI.2454176477
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_HPCERBER.SM30
Rising	Ransom.Cerber!8.3058 (C64:YzY0OnDRfoqX4o0c)
Yandex	Trojan.GenAsa!YCiVRZt7sdY
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_96%
Fortinet	W32/Kryptik.HEKH!tr
AVG	Win32:Filecoder-BG [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	Win32/Ransom.Cerber.HxQBRBYA

How to remove Trojan:Win32/Dorv.C!rfn?

Trojan:Win32/Dorv.C!rfn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X