Win32:Dorder-B [Trj] removal guide

Win32:Dorder-B [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Dorder-B [Trj] virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Win32:Dorder-B [Trj]?

File Info:

crc32: 73613181
md5: aa3f093fce202d6c5a15a313a52dbfeb
name: AA3F093FCE202D6C5A15A313A52DBFEB.mlw
sha1: 7c983688c69391e351faf5a3c1325d89eeb42036
sha256: 84c92a6cb11b80ef0066b0b8525356bb93502d254747847c6a9c57259d5a71ee
sha512: 9e1b3637606cbc3eb0a87df93fcb31d49b62d9a3db3351b46644d8b9ec99a6b265493d45b203f70037f870420c5aaad1fa2c7a3ac7500679b987d584b45e2868
ssdeep: 1536:PIb328aTbYvzJancfriFZPRjlxObOKYSvYW8:P4+TbYzJa2iFZxiSKIW8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Reclamation © 2015
InternalName: Roes
FileVersion: 0,106,45,141
CompanyName: Inverse Network Technology
LegalTrademarks:
ProductName: Predates Rebates
ProductVersion: 0,39,2,193
FileDescription: Saddled
OriginalFilename: Required.exe

Win32:Dorder-B [Trj] is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 004dd82a1 )
Lionic: Trojan.Win32.Waldek.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen6.56735
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Tescrypt.MUE.A4
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Trojan:Win32/HPCRYPTESLA.091d4345
K7GW: Trojan ( 004dd82a1 )
Cybereason: malicious.8c6939
Symantec: Trojan.Gen
ESET-NOD32: Win32/Tiny.NBQ
APEX: Malicious
Avast: Win32:Dorder-B [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.TrjGen.eazczq
Tencent: Malware.Win32.Gencirc.10c1ede7
Sophos: ML/PE-A
BitDefenderTheta: Gen:NN.ZexaF.34170.eq1@ainebQm
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPCRYPTESLA.SM2
McAfee-GW-Edition: GenericR-GMK!AA3F093FCE20
FireEye: Generic.mg.aa3f093fce202d6c
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Waldek.aym
Avira: HEUR/AGEN.1132448
Antiy-AVL: Trojan/Generic.ASMalwS.177BA9D
Microsoft: Trojan:Win32/Dynamer!ac
Acronis: suspicious
McAfee: GenericR-GMK!AA3F093FCE20
VBA32: BScope.Trojan.Anobato
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_HPCRYPTESLA.SM2
Rising: Trojan.Generic@ML.100 (RDML:3OXZjGUtLShmy+XkdNy98w)
Yandex: Trojan.Waldek!ljTLIbl4tAg
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.EQFZ!tr
AVG: Win32:Dorder-B [Trj]
Paloalto: generic.ml

How to remove Win32:Dorder-B [Trj]?

Win32:Dorder-B [Trj] removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
