How to remove “Win32/Danmec.C”?

Win32/Danmec.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete the scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Danmec.C virus do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Danmec.C?


File Info:

name: D1D3DA95059A5B62FA7E.mlw
path: /opt/CAPEv2/storage/binaries/68349ed67be4b99b60e1569292d897492f1192cc449f6d21a2a237103d59571c
crc32: 6C6FAE8E
md5: d1d3da95059a5b62fa7e14ef1d445750
sha1: 0797c62528ac0e6f0f9b248d3e40b0d135d56941
sha256: 68349ed67be4b99b60e1569292d897492f1192cc449f6d21a2a237103d59571c
sha512: 90d0002ecc4bde748c13336061c5511f2044353ffd24927d79a9bb379465fee92fe4b91484ff0c9d91e3739d4b4aff00c5b8aa96ecd1d4973f8217f5939f94d6
ssdeep: 1536:fKaouK0rof8925RMehGW4S6cHiP3jqshuqRCdPf:fKaouK99MqB4SY3ln6X
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T186636C47D5109573E230193238A4337283EF7DB52D92FC9AD7921F8A192E1D2BE7A607
sha3_384: 41ad3150a5d31c4d525ce378a2137d033dfffb57c572e543a9485a5ccd26de07d26dbdcbc4b4b32ceab091efc0535268
ep_bytes: 558bec83ec208b450c5333db2bc357c7
timestamp: 2011-09-15 11:39:05

Version Info:

CompanyName: Potao
FileDescription: Potao spambot
FileVersion: 1.0.0.1
InternalName: potaospam.dll
LegalCopyright: Copyright (C) 2011 Potao INC.
OriginalFilename: Svc.exe
ProductName: Potao hide spambot
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Win32/Danmec.C also known as:

Bkav: W32.Common.38FFDF0D
Lionic: Trojan.Win32.Generic.lpAI
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc
ClamAV: Win.Malware.Danmec-9833618-0
FireEye: Generic.mg.d1d3da95059a5b62
CAT-QuickHeal: Trojan.Danmec.Gen
Skyhigh: Danmec.d
McAfee: Danmec.d
Cylance: unsafe
Zillya: Trojan.Danmec.Win32.6229
Sangfor: Suspicious.Win32.Save.a
Alibaba: Trojan:Win32/Danmec.ca02fdf4
K7GW: Trojan ( 002e30f81 )
K7AntiVirus: Trojan ( 002e30f81 )
VirIT: Trojan.Win32.Zyx.EM
Paloalto: generic.ml
Symantec: Trojan.Asprox
ESET-NOD32: Win32/Danmec.C
TrendMicro-HouseCall: TROJ_KAZY.SME2
Avast: Win32:Agent-ANGY [Trj]
Cynet: Malicious (score: 99)
BitDefender: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc
Rising: Trojan.Danmec!1.C54E (CLASSIC)
Sophos: Mal/Generic-S
Baidu: Win32.Trojan.Agent.fc
F-Secure: Trojan.TR/Spy.Web.H
DrWeb: BackDoor.Siggen.37610
VIPRE: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc
TrendMicro: TROJ_KAZY.SME2
Emsisoft: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc (B)
Ikarus: Trojan.Win32.Danmec
Jiangmin: Trojan/Generic.mroj
Webroot: W32.Worm.Gen
Varist: W32/Agent.LG.gen!Eldorado
Avira: TR/Spy.Web.H
Antiy-AVL: Trojan/Win32.Agent
Kingsoft: Win32.Trojan.Generic.a
Arcabit: Trojan.ExplorerHijack.ECD20CD
ViRobot: Trojan.Win32.A.Agent.69128
ZoneAlarm: HEUR:Net-Worm.Win32.Aspxor.gen
GData: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc
Google: Detected
AhnLab-V3: Trojan/Win32.Kazy.R51288
ALYac: Gen:Trojan.ExplorerHijack.eu9@aqD30Zc
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
APEX: Malicious
Tencent: Trojan.Win32.Danmec.pc
Yandex: Trojan.GenAsa!ph8k7/A7GJY
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Danmec.C!tr
AVG: Win32:Agent-ANGY [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan

How to remove Win32/Danmec.C?

Win32/Danmec.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
