Should I remove "Win32/Woool.E"?

The Win32/Woool.E is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Woool.E virus can do?

Executable code extraction
Creates RWX memory
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Checks for the presence of known windows from debuggers and forensic tools

Related domains:

z.whorecord.xyz

a.tomx.xyz

fhdlq.oss-cn-beijing.aliyuncs.com

ocsp.globalsign.com

ocsp2.globalsign.com

a.75cs.com

wd.gaochuanshi.com

www.wtaoche.com

b.75cs.com

How to determine Win32/Woool.E?


File Info:
crc32: 9E2E6BD4
md5: 1f4c285dbf6967b4dac9148804755774
name: 1F4C285DBF6967B4DAC9148804755774.mlw
sha1: 601273f3ab69029a9232011852f6c557926c6403
sha256: 9b31dc0385a4fdf0a180676c070e94e15afcbb88baeddb88a8faeb273697cc6b
sha512: abafea0b18f7b1d737c9ac0dccc7e73e039b811eed587b88780b2d6f4c7c28e0fae01799477d773f8f433ccd0160a7fa9801759a0a6ebe815d9dda8bbac0e9dd
ssdeep: 98304:fK5BamyIF9r3Qnqg2DZk7NYEAiiLv11a9anlT8QViip:CTauZbINYEAiiB1288QViip
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 
InternalName: x3000
FileVersion: 1.1.0.0
CompanyName: 
LegalTrademarks: 
Comments: x51e4x51f0x5de5x4f5cx5ba4x8363x8a89x51fax54c1
ProductName: x51e4x51f0x767bx9646x5668
ProductVersion: Pnoenixerx3000
FileDescription: x3000
OriginalFilename: 
Translation: 0x0804 0x03a8

Win32/Woool.E also known as:

K7AntiVirus	Trojan ( 004f01851 )
Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen10.32856
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.34688720
Cylance	Unsafe
Zillya	Trojan.Woool.Win32.442
Sangfor	Trojan.Win32.Agent.nil
CrowdStrike	win/malicious_confidence_80% (D)
Alibaba	Malware:Win32/km_2b07fd.None
K7GW	Trojan ( 004f01851 )
Cybereason	malicious.dbf696
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Woool.E
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan-GameThief.Win32.OnLineGames.aliqm
BitDefender	Trojan.GenericKD.34688720
NANO-Antivirus	Trojan.Win32.OnLineGames.hysldi
MicroWorld-eScan	Trojan.GenericKD.34688720
Tencent	Win32.Trojan-gamethief.Onlinegames.Eaee
Ad-Aware	Trojan.GenericKD.34688720
Sophos	Mal/Generic-S
Comodo	Malware@#nb4non1mb0ju
BitDefenderTheta	Gen:NN.ZexaF.34266.@V3@auzeiSkb
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.CoinMiner.rc
FireEye	Generic.mg.1f4c285dbf6967b4
Emsisoft	Trojan.GenericKD.34688720 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1138598
Microsoft	Trojan:Win32/Tnega!ml
Arcabit	Trojan.Generic.D2114ED0
ZoneAlarm	Trojan-GameThief.Win32.OnLineGames.aliqm
GData	Trojan.GenericKD.34688720
AhnLab-V3	Malware/Win32.RL_Generic.R354143
Acronis	suspicious
McAfee	Artemis!1F4C285DBF69
MAX	malware (ai score=82)
Panda	Trj/GdSda.A
Rising	Trojan.Generic@ML.100 (RDML:lmXjoSy+r+H2povrNA4muw)
Yandex	Trojan.Woool!RUJTf6MJYlc
Ikarus	Trojan.Win32.Woool
MaxSecure	Trojan.Malware.8069.susgen
Fortinet	W32/Woool.C!tr
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml

How to remove Win32/Woool.E?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Win32/Woool.E”?