Virus:Win32/Xiaoho removal tips

The Virus:Win32/Xiaoho is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Virus:Win32/Xiaoho virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Virus:Win32/Xiaoho?


File Info:
name: CFD28A4A3AE9B21CA961.mlw
path: /opt/CAPEv2/storage/binaries/c2055234bf4e553d6d7770195e70cfc1f429ef2aa5cd0cf184848c03bac3bca3
crc32: A9665403
md5: cfd28a4a3ae9b21ca961e09d780961fa
sha1: 8afbba8ad83a37f0525f3c646a254663e871d954
sha256: c2055234bf4e553d6d7770195e70cfc1f429ef2aa5cd0cf184848c03bac3bca3
sha512: b81ada9f7148acf3841abc63fad804ab42760be7dd2c15ee77ab7807af3ce68274a68075af9beaad52009bf21769093c2a67ec967b27270366fabcb31a82bbfe
ssdeep: 384:+bw8E1ob/s2lcRQtHfBF5j2Qj3Aa30olDb86nlJRo0AadUz46OXdducA:hSblcRQt5F5qQj3Aakqb8ciaec6OXdg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102037C132D1941FBC1B0CA30926F0A2FF7B7F56044698E8E1FB90CAD1E7515399A726E
sha3_384: 3b0f71ce5108cecaf5e5c879a3ea9b23bce4996ae02e3dc4051a497890558e60d42daa4c156625f0bfbb9f67e2f5a63c
ep_bytes: 062d40008d2540005024400040244000
timestamp: 2007-08-11 06:26:03

Version Info:
0: [No Data]

Virus:Win32/Xiaoho also known as:

Bkav	W32.AIDetectMalware
Lionic	Virus.Win32.Lilu.n!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Fugrafa.279218
FireEye	Generic.mg.cfd28a4a3ae9b21c
Skyhigh	BehavesLike.Win32.Generic.pt
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Fugrafa.279218
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 004bcce41 )
BitDefender	Gen:Variant.Fugrafa.279218
K7GW	Trojan ( 004bcce41 )
Cybereason	malicious.ad83a3
Symantec	W32.Hauxi
ESET-NOD32	a variant of Generik.GYQVVSM
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Jilu-1
Kaspersky	Virus.Win32.Lilu.c
Alibaba	Virus:Win32/Xiaoho.bd9acbbd
Rising	Worm.Xiaohao!1.6505 (CLASSIC)
Emsisoft	Gen:Variant.Fugrafa.279218 (B)
F-Secure	Malware.W32/XiaoHo.D
Zillya	Trojan.33428972.Win32.1
TrendMicro	PE_XIAHAO.E-O
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Lilu.a
Varist	W32/Xiohao.A.gen!Eldorado
Avira	W32/XiaoHo.D
MAX	malware (ai score=82)
Antiy-AVL	Virus/Win32.Lilu.c
Kingsoft	malware.kb.b.927
Microsoft	Virus:Win32/Xiaoho.gen
Arcabit	Trojan.Fugrafa.D442B2
ZoneAlarm	Virus.Win32.Lilu.c
GData	Gen:Variant.Fugrafa.279218
Google	Detected
Acronis	suspicious
ALYac	Gen:Variant.Fugrafa.279218
DeepInstinct	MALICIOUS
Cylance	unsafe
Panda	Trj/Chgt.AC
TrendMicro-HouseCall	PE_XIAHAO.E-O
Tencent	Win32.Virus.Lilu.Wylw
Yandex	Worm.Xiaoho.A
Ikarus	Virus.Win32.Xiaoho
MaxSecure	Virus.W32.Lilu.C
Fortinet	W32/Generik.HEWQSIM!tr
AVG	Win32:Agent-LRV [Wrm]
Avast	Win32:Agent-LRV [Wrm]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Virus:Win32/Xiaoho?

Virus:Win32/Xiaoho removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X