Win32/CoinMiner.BOU removal guide

Win32/CoinMiner.BOU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/CoinMiner.BOU virus do?

  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a copy of itself

Related domains:

iplogger.org

How to identify Win32/CoinMiner.BOU?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) XqyEAIWSD2uaMio1nRtCeudA9XT29DrFAR6mOGuZeyRrvdp Technology Co. Ltd., All rights reserved.
InternalName: wuapp.exe
FileVersion: 9.5.7.5
CompanyName: Расширение редактора групповой политики для политик управления приложениями
Comments: xumhf3bQlXS1PTwlDHYp9V8KRpkHggki4vsrU6Q6x3BXe7qquc8xoX2arUwD6QCXKXmDXXoa5fx6OqlENqnpWeiXaG6c3
ProductVersion: 9.5.7.5
FileDescription: Расширение редактора групповой политики для политики аудита
OriginalFilename: wuapp.exe
Translation: 0x0809 0x04b0

Win32/CoinMiner.BOU also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 700000111 )
Lionic: Hacktool.Win32.Gamehack.3!e
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:Script/CoinMiner.232f96c9
K7GW: Trojan ( 700000111 )
Cybereason: malicious.3017b3
Cyren: W32/Trojan.XXCZ-4841
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/CoinMiner.BOU
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi
MicroWorld-eScan: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi
Tencent: Win32.Trojan.Coinminer.Wtnk
Ad-Aware: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
FireEye: Generic.mg.d9a81b63017b3272
Emsisoft: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi (B)
Avira: HEUR/AGEN.1100133
eGambit: Unsafe.AI_Score_98%
Microsoft: VirTool:Win32/Ymacco.AAC8
GData: Gen:Trojan.Heur.AutoIT.17lv0@aiOOqBmi
McAfee: Artemis!D9A81B63017B
MAX: malware (ai score=89)
VBA32: Trojan.Wacatac
Malwarebytes: Trojan.BitCoinMiner.Generic
Panda: Trj/Genetic.gen
Rising: Trojan.Obfus/Autoit!1.BD86 (CLASSIC)
Ikarus: Trojan.Win32.Autoit
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Miner
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Win32/CoinMiner.BOU?

Win32/CoinMiner.BOU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
