VHO:Trojan-Downloader.Win32.BitCoinMiner removal instruction

The VHO:Trojan-Downloader.Win32.BitCoinMiner is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VHO:Trojan-Downloader.Win32.BitCoinMiner virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine VHO:Trojan-Downloader.Win32.BitCoinMiner?


File Info:
name: CACF25F20FB0FF7C8F13.mlw
path: /opt/CAPEv2/storage/binaries/d47d1b5c0862a698a0cbd7d2c941b45c715971b0c78166ea499b72bd69fdee89
crc32: EAF465E4
md5: cacf25f20fb0ff7c8f1319774f064fa1
sha1: 82d4f6e9fb7ce4010ed1cc2216dfecdabb587a3e
sha256: d47d1b5c0862a698a0cbd7d2c941b45c715971b0c78166ea499b72bd69fdee89
sha512: 786d391171579fc7b2e43ad5d351c8f017538c86b6c2c458af42712236951b021dbe7d331ad7e33492720d9debdca3251bfa43ad2d57b29d1931713e86450640
ssdeep: 384:DJJo2hYvWMUMnYZagrgYfTxLJtJQkqaBSmMTW4g1CwL1ib+/cG7mWPppD0m3HtU:MEHYQTxFtJQjmM41v1ibpCTpgm3HtU
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T18CC22A29B9DCC12AD66F4BBC7DE20A210371F3965E16DB866CD889AF5D6330148213F7
sha3_384: e71d4c5505a4770c3fb098a1c291445cf3257b3a2ff4569166cebe913f8718fbeb988909e8a7609c30c26c6a698af14b
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-28 07:46:48

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: maornc.exe
LegalCopyright:  
OriginalFilename: maornc.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

VHO:Trojan-Downloader.Win32.BitCoinMiner also known as:

MicroWorld-eScan	Trojan.GenericKD.38138975
FireEye	Trojan.GenericKD.38138975
ALYac	Trojan.GenericKD.38138975
Cylance	Unsafe
Cyren	W32/Trojan.GPA.gen!Eldorado
APEX	Malicious
Kaspersky	VHO:Trojan-Downloader.Win32.BitCoinMiner.gen
BitDefender	Trojan.GenericKD.38138975
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.38138975
TrendMicro	TROJ_GEN.R011C0PL221
McAfee-GW-Edition	RDN/Generic Downloader.x
Emsisoft	Trojan.GenericKD.38138975 (B)
Ikarus	Trojan.Msil
GData	MSIL.Trojan.PSE.10KYPST
Antiy-AVL	Trojan/Generic.ASMalwS.34E3A3F
Gridinsoft	Ransom.Win32.Gen.sa
Arcabit	Trojan.Generic.D245F45F
Cynet	Malicious (score: 100)
McAfee	RDN/Generic Downloader.x
MAX	malware (ai score=87)
TrendMicro-HouseCall	TROJ_GEN.R011C0PL221
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
AVG	Win32:Malware-gen

How to remove VHO:Trojan-Downloader.Win32.BitCoinMiner?

VHO:Trojan-Downloader.Win32.BitCoinMiner removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X