How to remove “Worm.Drolnux”?

Worm.Drolnux is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Drolnux virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Detects VirtualBox through the presence of a registry key
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.ibayme.eb2a.com

How to identify Worm.Drolnux?

File Info:

crc32: 60E22CA8
md5: 7c65c668253a0750540029599804a137
name: 7C65C668253A0750540029599804A137.mlw
sha1: 7e31159f0bbe3292191487b228f503be2261338c
sha256: 85ee1cb29cea32b829ac0ac1d47c6993e9118b08a12c81808c55ef9d7e50c8f8
sha512: 3f5b43d0c0b6909a58b21f69a9ccc732704805d7aca6c230577bdb181ce969f9c35eef075af4fc9378fd3f8f093702cf703763d16a6b292fc51580751fefc9e1
ssdeep: 768:yM3E96TIR9eyzOLDZlMfvzataBFsqh87l5rphVgEQFI50CQUk:zUMTIGU8vM3dG7l5rphVgEQ25jJ
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Worm.Drolnux is also known as:

Bkav: W32.FamVT.BlockerVM.Trojan
K7AntiVirus: Trojan ( 0055e3dd1 )
DrWeb: Win32.HLLW.Autoruner1.32327
MicroWorld-eScan: Trojan.Generic.8206390
ALYac: Trojan.Generic.8206390
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.48465
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Worm:Win32/Blocker.74262db1
K7GW: Trojan ( 0055e3dd1 )
Cybereason: malicious.8253a0
TrendMicro: Ransom_Blocker.R002C0CE620
Baidu: Win32.Worm.Agent.z
Cyren: W32/Blocker.GRPJ-7397
Symantec: Trojan Horse
ESET-NOD32: Win32/Agent.NLV
APEX: Malicious
TotalDefense: Win32/Tnega.XEcRLNC
Avast: Win32:DelFiles-AE [Trj]
ClamAV: Win.Trojan.Blocker-391
GData: Trojan.Generic.8206390
Kaspersky: Trojan-Ransom.Win32.Blocker.jgb
BitDefender: Trojan.Generic.8206390
NANO-Antivirus: Trojan.Win32.Blocker.bdcvim
ViRobot: Trojan.Win32.Z.Blocker.73728.X
Tencent: Trojan.Win32.Agent.agb
Ad-Aware: Trojan.Generic.8206390
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k
F-Secure: Worm.WORM/DelFiles.aouna
BitDefenderTheta: Gen:NN.ZexaF.34110.eGW@aaYSPrji
VIPRE: Worm.Win32.Delfiles.a (v)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Trojan.lt
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.7c65c668253a0750
Emsisoft: Trojan.Generic.8206390 (B)
SentinelOne: DFI – Suspicious PE
F-Prot: W32/Blocker.AC
Endgame: malicious (high confidence)
Webroot: W32.Worm.Gen
Avira: WORM/DelFiles.aouna
Antiy-AVL: Trojan[Ransom]/Win32.Blocker.jgb
Microsoft: Worm:Win32/Drolnux.A
Jiangmin: Trojan/Blocker.tf
Arcabit: Trojan.Generic.D7D3836
AegisLab: Trojan.Win32.Blocker.tqB8
ZoneAlarm: Trojan-Ransom.Win32.Blocker.jgb
AhnLab-V3: Trojan/Win32.Blocker.R46547
Acronis: suspicious
McAfee: GenericRXGZ-QC!7C65C668253A
MAX: malware (ai score=85)
VBA32: BScope.TrojanRansom.Blocker
Malwarebytes: Worm.Drolnux
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_Blocker.R002C0CE620
Rising: Worm.Drolnux!1.9CC3 (CLOUD)
Yandex: Trojan.Blocker!erJgybRQWdY
Ikarus: Worm.Win32.Delfiles
MaxSecure: Trojan-Ransom.Win32.Blocker.jgb
Fortinet: W32/Agent.XXI!tr
AVG: Win32:DelFiles-AE [Trj]
Qihoo-360: Win32/Trojan.Delfiles.A

How to remove Worm.Drolnux?

Worm.Drolnux removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
