How to remove “Virut.Virus.FileInfector.DDS”?

Virut.Virus.FileInfector.DDS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virut.Virus.FileInfector.DDS virus do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (11 unique times)
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to modify proxy settings

Related domains:


How to identify Virut.Virus.FileInfector.DDS?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2013
InternalName: TSearch.exe
FileVersion: 5.4.0.60
CompanyName: XunleiHD
ProductName: 迅雷资源助手
ProductVersion: 5.4.0.60
FileDescription: TSearch
OriginalFilename: TSearch.exe
Translation: 0x0804 0x04b0

Virut.Virus.FileInfector.DDS also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Application.Downloader.ALB
FireEye: Generic.mg.dea843bca6d5cfac
ALYac: Application.Downloader.ALB
Cylance: Unsafe
VIPRE: Virus.Win32.Virut.ce.6 (v)
AegisLab: Trojan.Win32.Xunleihd.tnvU
Sangfor: Malware
K7AntiVirus: Adware ( 004dc16f1 )
BitDefender: Application.Downloader.ALB
K7GW: Adware ( 004dc16f1 )
Cybereason: malicious.ca6d5c
BitDefenderTheta: Gen:NN.ZexaE.34804.Mu0@amMqvgkj
Cyren: W32/S-b0e984bf!Eldorado
Symantec: SecurityRisk.gen1
ESET-NOD32: a variant of Win32/XunleiHD.A potentially unwanted
APEX: Malicious
Avast: Win32:Patched-AJW [Trj]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Xunleihd.b
NANO-Antivirus: Trojan.Win32.HTUS4939.domngl
Ad-Aware: Application.Downloader.ALB
Emsisoft: Application.Downloader.ALB (B)
Comodo: Application.Win32.AdWare.XunleiHD.C@6lbsvy
F-Secure: Trojan.TR/Patched.Gen
Zillya: Trojan.Xunleihd.Win32.1
TrendMicro: PE_VIRUX.Q-1
McAfee-GW-Edition: BehavesLike.Win32.BadFile.jh
Sophos: Generic PUA BG (PUA)
Ikarus: PUA.XunleiHD
Jiangmin: Variant.Symmi.zy
Webroot: W32.Xunleihd
Avira: TR/Patched.Gen
Antiy-AVL: Virus/Win32.Virut.ce
Microsoft: Program:Win32/Wacapew.C!ml
Arcabit: Application.Downloader.ALB
ZoneAlarm: Trojan-Downloader.Win32.Xunleihd.b
GData: Application.Downloader.ALB
McAfee: Artemis!DEA843BCA6D5
MAX: malware (ai score=73)
VBA32: TrojanDownloader.Xunleihd
Malwarebytes: Virut.Virus.FileInfector.DDS
Panda: Trj/CI.A
TrendMicro-HouseCall: PE_VIRUX.Q-1
Rising: Trojan.Generic@ML.94 (RDML:ufh9hxnDBtbnxbcOkoUDog)
Yandex: Trojan.GenAsa!7Q3u2y4y/Oc
SentinelOne: Static AI – Malicious PE – File Infector
Fortinet: Riskware/XunleiHD
AVG: Win32:Patched-AJW [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.Downloader.460

How to remove Virut.Virus.FileInfector.DDS?

Virut.Virus.FileInfector.DDS removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
