Virus:Win32/Dervec.A removal instruction

The Virus:Win32/Dervec.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Dervec.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Creates a copy of itself
  • Empties the Recycle Bin, indicative of ransomware
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Virus:Win32/Dervec.A?

File Info:

name: F900FBE2397705469E4E.mlw
path: /opt/CAPEv2/storage/binaries/02924589c33d4ee6ef21b02e0a66633aae00a73750d90f1c4b74b3b5b74b2beb
crc32: 3ABE2406
md5: f900fbe2397705469e4ee8b52d38afc9
sha1: 20d970c20c5b127b4530e5b0353d54a064b265f4
sha256: 02924589c33d4ee6ef21b02e0a66633aae00a73750d90f1c4b74b3b5b74b2beb
sha512: 0b6369ec48924ad1aa31791fb146266d23c5983f75e811c8e214b9b85830870493fa66190de9179e331db4eb741777f26de77dee010dc9afb31c212d5269f418
ssdeep: 49152:r8znnnExHmu9sF1YC1PfV+FYroTz50Tns60FAnGf5nzA5hCZmnoh:gQYuuFfJY2roTl0TstFz5zAjC8oh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T117C5DF10FBB3E167E3328E315414AA7BB91D6ED819319982E290BF3FF47547291E1A0D
sha3_384: 00da10988998cbaa4f1dbec192ac4c6885f46375f46133b01a2dece95965aad1502f3b8fc3ea143723175a7de94b5d35
ep_bytes: e8fe5e0000e989feffff8bff558bec83
timestamp: 2011-08-15 04:54:55

Version Info:

0: [No Data]

Virus:Win32/Dervec.A also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Johnnie.298748
ALYac: Gen:Variant.Johnnie.298748
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.atgen
K7AntiVirus: Trojan ( 004bdccd1 )
BitDefender: Gen:Variant.Johnnie.298748
K7GW: Trojan ( 004bdccd1 )
Arcabit: Trojan.Johnnie.D48EFC
Baidu: Win32.Trojan.Agent.bb
VirIT: Trojan.Win32.Agent3.XEQ
Cyren: W32/Zbot.FJ.gen!Eldorado
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.TCO
APEX: Malicious
ClamAV: Win.Trojan.Agent-345924
Kaspersky: Backdoor.Win32.Dervec.ao
NANO-Antivirus: Trojan.Win32.Agent.dfsncs
Tencent: Malware.Win32.Gencirc.10b2c72f
Ad-Aware: Gen:Variant.Johnnie.298748
Emsisoft: Gen:Variant.Johnnie.298748 (B)
Comodo: TrojWare.Win32.Agent.TEN@4pfqba
F-Secure: Heuristic.HEUR/AGEN.1226616
DrWeb: Trojan.Siggen3.54976
Zillya: Trojan.Jorik.Win32.110652
McAfee-GW-Edition: BehavesLike.Win32.SoftPulse.vc
FireEye: Generic.mg.f900fbe239770546
Sophos: Troj/Malagent-D
Ikarus: Trojan.Win32.Webprefix
Jiangmin: Trojan/Generic.tvdh
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1226616
Microsoft: Virus:Win32/Dervec.A
ViRobot: Worm.Win32.A.AutoRun.342561
ZoneAlarm: Backdoor.Win32.Dervec.ao
GData: Gen:Variant.Johnnie.298748
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.MarsBot.R14305
McAfee: W32/Rontokbro.worm.i
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Agent
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@AI.92 (RDMK:cmRtazr0w8X6E46jdp2vYjJIjqTF)
Yandex: Trojan.Agent!z03ApEQCd8A
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.TCB!tr
BitDefenderTheta: AI:Packer.ADE7DA0620
AVG: Win32:AddLyrics-G [Adw]
Cybereason: malicious.239770
Avast: Win32:AddLyrics-G [Adw]

How to remove Virus:Win32/Dervec.A?

Virus:Win32/Dervec.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.