What is “Win32/Spy.Vadokrist.T”?

Malware Removal

The Win32/Spy.Vadokrist.T is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Review

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/Spy.Vadokrist.T virus can do?

  • Injection (inter-process)
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • A potential decoy document was displayed to the user
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Win32/Spy.Vadokrist.T?


File Info:

crc32: E390E56B
md5: f22da2dca0f6957558ee88df695d1650
name: tmpay5nrt05
sha1: ad4289e61642a4a724c9f44356540df76a35b741
sha256: 5876b241f601badc8e4cabda303b5b0be3116ceeeb92bbfb0ccb0424bf416990
sha512: 4c6a80e611e0e6d11306c4fddcc0ae16352e089e33780d2a1e67380cb49215ad3a331c28386c6f4f0050eaf772ea84e25a499df93607ccb5fd207f8bd5612dc8
ssdeep: 98304:dGYyd3AWXTbPVJYrQ/PDD4D5HWj4r4tWA:dkpwQE
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Code page: 1252, Revision Number: 0EBC24B2-08C9-4013-90D6-21032F50B92E, Number of Words: 10, Subject: Installer Slater, Author: Blizzard, Name of Creating Application: Advanced Installer 12.2.1 build 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200

Version Info:

0: [No Data]

Win32/Spy.Vadokrist.T also known as:

FireEyeTrojan.GenericKD.43377771
McAfeeArtemis!D04D990CFBB8
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win32/Spy.Vadokrist.T
TrendMicro-HouseCallTROJ_GEN.R002H09FL20
AvastWin32:Trojan-gen
CynetMalicious (score: 85)
GDataTrojan.GenericKD.43377771
BitDefenderTrojan.GenericKD.43377771
MicroWorld-eScanTrojan.GenericKD.43377771
RisingSpyware.Vadokrist!8.1078C (CLOUD)
Ad-AwareTrojan.GenericKD.43377771
F-SecureAdware.ADWARE/Adware.Gen7
EmsisoftTrojan.GenericKD.43377771 (B)
IkarusTrojan-Spy.Agent
AviraTR/Spy.Vadokrist.sphdn
MicrosoftProgram:Win32/Wacapew.C!ml
ArcabitTrojan.Generic.D295E46B
AegisLabTrojan.Win32.Jacard.4!c
ALYacTrojan.GenericKD.43377771
MAXmalware (ai score=86)
VBA32Trojan.Zpevdo
ZonerTrojan.DOC.81465
FortinetRiskware/Vadokrist
AVGWin32:Trojan-gen
Qihoo-360Generic/Trojan.1bd

How to remove Win32/Spy.Vadokrist.T?

Win32/Spy.Vadokrist.T removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment