W32/MOIVA-D removal instruction

The W32/MOIVA-D is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What W32/MOIVA-D virus can do?

Authenticode signature is invalid
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine W32/MOIVA-D?


File Info:
name: 9FD970CDC9BC75393D0E.mlw
path: /opt/CAPEv2/storage/binaries/27bbc7453d840642d5965cf2e820b4ef7f4ff6211958d1c15fbff8120d1e82bb
crc32: 1A0CED49
md5: 9fd970cdc9bc75393d0e714a22ba4e13
sha1: 319862c6f0493081a813d25370e2b57a31910ad2
sha256: 27bbc7453d840642d5965cf2e820b4ef7f4ff6211958d1c15fbff8120d1e82bb
sha512: a21a6da39bfaa0a098b725eb1743e6678e78fd30e069c2d489a325f42864c31d625f84f145a4ae28148fb8f8fd0d4b577f5abf1be35c28260820bc300b9a5ae5
ssdeep: 12288:Lno2N84IuH/1pauCt++r4XDYxsapoBPg9Gr7BkMPPiWpqDY+I+5e:LntN8tGtLy+24TFr7BHyWEYy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19B451291EAE086F9C05EE434524BE7FE5C75B8F02A10BDDBFADC49FA068268425D4353
sha3_384: d6ab1b6ab45bc08d7a8bd92e02fd17aba66313f6ebc32e745d74c5761e38671988bab004eec1513c58668464f4d72473
ep_bytes: e8f2f90800e94efdffffcccccccccc3b
timestamp: 2009-07-13 23:43:51

Version Info:
CompanyName: Microsoft Corporation
FileDescription: COM Surrogate
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: dllhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: dllhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

W32/MOIVA-D also known as:

tehtris	Generic.Malware
FireEye	Generic.mg.9fd970cdc9bc7539
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.6f0493
Cyren	W32/Expiro.BO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Expiro.DM
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Virus.Win32.Moiva.a
NANO-Antivirus	Virus.Win32.Virut-Gen.bwpxnc
Avast	Win32:FileInfector-C [Heur]
Rising	Trojan.Generic@AI.100 (RDML:B98gLvl9wrWLDPr9ITSLtA)
F-Secure	Malware.W32/Infector.Gen
McAfee-GW-Edition	BehavesLike.Win32.Expiro.tt
Trapmine	suspicious.low.ml.score
Sophos	W32/MOIVA-D
Ikarus	Virus.Win32.Expiro
Avira	W32/Infector.Gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	Virus.Win32.Moiva.a
Google	Detected
AhnLab-V3	Malware/Win.JO.R467393
Acronis	suspicious
McAfee	Artemis!9FD970CDC9BC
Cylance	unsafe
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Expiro.NDP!tr
AVG	Win32:FileInfector-C [Heur]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

How to remove W32/MOIVA-D?

W32/MOIVA-D removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X