W32/Autorun-CFO removal instructions

W32/Autorun-CFO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the W32/Autorun-CFO virus do?

  • Presents an Authenticode digital signature
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify W32/Autorun-CFO?


File Info:

name: 0C5F9BD8ABAF5C5E0F4E.mlw
path: /opt/CAPEv2/storage/binaries/bcb68e046d3c4e9020bc48344c192a4be7ab447fb23c9b93dc2a97534f1aae00
crc32: A1B51805
md5: 0c5f9bd8abaf5c5e0f4e0a19ee639da4
sha1: 6af0ecb0668af78bf3e0d060fbfca95984eedf02
sha256: bcb68e046d3c4e9020bc48344c192a4be7ab447fb23c9b93dc2a97534f1aae00
sha512: bdef5dab1d030b46ae7d599804367c2882340272dbc776554362cbac7e6bd780304f86952ef3a4ff03f14e477e4fb42c9726298c712ca14e29b03bd4bc82638b
ssdeep: 49152:QvxW2NA18jN5Pe5R5k1YCdptya507NUUWn043oHS3fTZYwVq1/xT3DDbwwTU+ez2:GW2JjN5+NhS9Yw8Ob2JjN53
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T11A368D23B2F580B9F066E2749E669232D972BC125F3499DF23941A1C0F76AD05F39363
sha3_384: 88c25ea0bbf1b8f5dfa7a61c54fb3f58b567ffdb733d371ac503a0435fcdf6a7c664e71ab90e2dd6014b5103018291bd
ep_bytes: 4883ec28e8370200004883c428e98afd
timestamp: 2056-04-12 19:40:53

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Imaging Devices Control Panel
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: ImagingDevices.cpl
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ImagingDevices.cpl
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

W32/Autorun-CFO also known as:

MicroWorld-eScan: Trojan.Generic.6889537
FireEye: Generic.mg.0c5f9bd8abaf5c5e
ALYac: Trojan.Generic.6889537
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.8abaf5
Cyren: W32/Trojan.FCFP-6332
Symantec: Trojan.Gen.MBT
ClamAV: Win.Trojan.Agent-122208
BitDefender: Trojan.Generic.6889537
NANO-Antivirus: Trojan.Win32.Autoruner.giwhpr
Avast: Win32:Small-MOF [Trj]
Sophos: W32/Autorun-CFO
DrWeb: Win32.HLLW.Autoruner.6848
McAfee-GW-Edition: BehavesLike.Win64.Dropper.rh
Emsisoft: Trojan.Generic.6889537 (B)
Ikarus: Worm.Win32.AutoRun
GData: Trojan.Generic.6889537
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
McAfee: Artemis!0C5F9BD8ABAF
MAX: malware (ai score=88)
VBA32: Trojan.Agent
Malwarebytes: Malware.AI.730690996
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.7D47!tr
AVG: Win32:Small-MOF [Trj]

How to remove W32/Autorun-CFO?

W32/Autorun-CFO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
