Upatre.Trojan.Downloader.DDS removal

The Upatre.Trojan.Downloader.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Upatre.Trojan.Downloader.DDS virus can do?

Unconventionial language used in binary resources: Spanish (Modern)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX

How to determine Upatre.Trojan.Downloader.DDS?


File Info:
crc32: 8721CB01
md5: 1ffc5f131f53235fcd7357cc2e319b38
name: 1FFC5F131F53235FCD7357CC2E319B38.mlw
sha1: 7d381e3c7135402cd489846194ea75c47fe98b14
sha256: 940f308bd20e3c87657891eb3624d182f0597829206afa94fb2e6f3c1ee3fdd7
sha512: d3a66bc2df0c9a3bc0d4633d78c96acf2aeaaeade8a2ddb588ad2f23bebfb899fc71cd9eae7ebd23a12599ebd11142ff8bf5338ff2640aa2d73b578b7ac617a8
ssdeep: 12288:flek7VIjqS/AttnfMznf81aW56jmi4EAEKw46Ye/WOw6iuex082+ueN3RqgW:hfKE8WHEm6Yjjduex082+VNh
type: PE32+ executable (console) x86-64, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 Microsoft Corporation. Reservados todos los derechos.
InternalName: dxsetup.exe
FileVersion: 4.9.0.0904
CompanyName: Microsoft Corporation
ProductName: Microsoftxae DirectX para Windowsxae
ProductVersion: 4.9.0.0904
FileDescription: Depuracixf3n del programa de instalacixf3n de Microsoft DirectX
OriginalFilename: dxsetup.exe
Translation: 0x040a 0x04b0

Upatre.Trojan.Downloader.DDS also known as:

Elastic	malicious (high confidence)
DrWeb	Tool.BtcMine.2239
MicroWorld-eScan	Trojan.GenericKDZ.65744
FireEye	Generic.mg.1ffc5f131f53235f
McAfee	GenericRXAA-AA!1FFC5F131F53
Malwarebytes	Upatre.Trojan.Downloader.DDS
BitDefender	Trojan.GenericKDZ.65744
Cybereason	malicious.31f532
Symantec	Miner.XMRig
APEX	Malicious
Avast	Win64:CoinminerX-gen [Trj]
ClamAV	Win.Malware.Generickdz-9775964-0
Kaspersky	not-a-virus:RiskTool.Win32.BitCoinMiner.ognt
Ad-Aware	Trojan.GenericKDZ.65744
Sophos	Troj/Agent-BCPO
F-Secure	Heuristic.HEUR/AGEN.1135765
McAfee-GW-Edition	BehavesLike.Win64.CoinMiner.cc
Emsisoft	Application.Generic (A)
Jiangmin	RiskTool.Generic.pkx
Avira	HEUR/AGEN.1135765
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	TrojanDownloader:Win32/Upatre
Gridinsoft	Trojan.Win64.CoinMiner.oa!s2
Arcabit	Trojan.Generic.D100D0
ZoneAlarm	not-a-virus:RiskTool.Win32.BitCoinMiner.ognt
GData	Trojan.GenericKDZ.65744
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win64.Generic.C4014669
Acronis	suspicious
MAX	malware (ai score=81)
ESET-NOD32	a variant of Win64/CoinMiner.PQ potentially unwanted
Rising	Trojan.Win32/64.XMR-Miner!1.ADCC (TFE:5:cWlFX9xRAN)
Yandex	Trojan.GenAsa!Xy4KCITNuvE
Ikarus	Trojan.Win64.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W64/CoinMiner.X!tr
AVG	Win64:CoinminerX-gen [Trj]

How to remove Upatre.Trojan.Downloader.DDS?

Upatre.Trojan.Downloader.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X