
Should I remove “VHO:Trojan-Proxy.Win32.Windigo”?


Many security experts consider VHO:Trojan-Proxy.Win32.Windigo dangerous. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the VHO:Trojan-Proxy.Win32.Windigo virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify VHO:Trojan-Proxy.Win32.Windigo?

File Info:

name: E3B85AA513849AF0DEEB.mlw
path: /opt/CAPEv2/storage/binaries/bb858012a84f6f054e6653a5154424701d52d2b8395b75f61ed45351ec5cb118
crc32: 8BFAAA34
md5: e3b85aa513849af0deeb5768347e64f6
sha1: 933bfa3e7c76dbed55ca1c5a7bb3dadd9256568e
sha256: bb858012a84f6f054e6653a5154424701d52d2b8395b75f61ed45351ec5cb118
sha512: 84647bf6e43cd81644aa68bb16b35c0f8e2f1d1d5ec7ef8b89b969634fac14990fdaad51692dc214e14442db67f5ce72eb74f57f7171da6092ecdf49dbae1ea8
ssdeep: 98304:CBkMA37sgHUz3NDG9uEytlI/L+7Te0z1Tcfu+2B/UwDaNeSr1lE:sgrsgHUACI/K7Te0z15b/UwDleu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB36330622B10570E91E91350C43D84D26B2F5DD19F4DBA879ECAD4AAF7E3ECEA1D302
sha3_384: 62a9e88f4286eab49e11a7800fd4e7cbbf7394d04e717feca196b06c35912066cf25a98dcd3ac90972cecf3d055c7c2f
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-11-25 10:49:38

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: SmartTV Setup
FileVersion:
LegalCopyright:
ProductName: SmartTV
ProductVersion:
Translation: 0x0000 0x04b0

VHO:Trojan-Proxy.Win32.Windigo also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 99)
  • APEX: Malicious
  • Kaspersky: VHO:Trojan-Proxy.Win32.Windigo.gen
  • Avast: Other:Malware-gen [Trj]
  • F-Secure: Heuristic.HEUR/AGEN.1332570
  • Ikarus: Trojan-Dropper.Win32.Agent
  • Jiangmin: Trojan.Ekstak.ciey
  • Avira: HEUR/AGEN.1332570
  • Microsoft: Program:Win32/Wacapew.C!ml
  • ZoneAlarm: VHO:Trojan-Proxy.Win32.Windigo.gen
  • AhnLab-V3: Trojan/Win.DownloadAssistant.R621621
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Other:Malware-gen [Trj]

How to remove VHO:Trojan-Proxy.Win32.Windigo?

VHO:Trojan-Proxy.Win32.Windigo removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
