Categories: Worm

How to remove “Worm.Drolnux”?

Worm.Drolnux is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Worm.Drolnux virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Detects VirtualBox through the presence of a registry key
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.ibayme.eb2a.com

How to identify Worm.Drolnux?


File Info:

crc32: 60E22CA8
md5: 7c65c668253a0750540029599804a137
name: 7C65C668253A0750540029599804A137.mlw
sha1: 7e31159f0bbe3292191487b228f503be2261338c
sha256: 85ee1cb29cea32b829ac0ac1d47c6993e9118b08a12c81808c55ef9d7e50c8f8
sha512: 3f5b43d0c0b6909a58b21f69a9ccc732704805d7aca6c230577bdb181ce969f9c35eef075af4fc9378fd3f8f093702cf703763d16a6b292fc51580751fefc9e1
ssdeep: 768:yM3E96TIR9eyzOLDZlMfvzataBFsqh87l5rphVgEQFI50CQUk:zUMTIGU8vM3dG7l5rphVgEQ25jJ
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Worm.Drolnux also known as:

Bkav W32.FamVT.BlockerVM.Trojan
K7AntiVirus Trojan ( 0055e3dd1 )
DrWeb Win32.HLLW.Autoruner1.32327
MicroWorld-eScan Trojan.Generic.8206390
ALYac Trojan.Generic.8206390
Cylance Unsafe
Zillya Trojan.Blocker.Win32.48465
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Worm:Win32/Blocker.74262db1
K7GW Trojan ( 0055e3dd1 )
Cybereason malicious.8253a0
TrendMicro Ransom_Blocker.R002C0CE620
Baidu Win32.Worm.Agent.z
Cyren W32/Blocker.GRPJ-7397
Symantec Trojan Horse
ESET-NOD32 Win32/Agent.NLV
APEX Malicious
TotalDefense Win32/Tnega.XEcRLNC
Avast Win32:DelFiles-AE [Trj]
ClamAV Win.Trojan.Blocker-391
GData Trojan.Generic.8206390
Kaspersky Trojan-Ransom.Win32.Blocker.jgb
BitDefender Trojan.Generic.8206390
NANO-Antivirus Trojan.Win32.Blocker.bdcvim
ViRobot Trojan.Win32.Z.Blocker.73728.X
Tencent Trojan.Win32.Agent.agb
Ad-Aware Trojan.Generic.8206390
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k
F-Secure Worm.WORM/DelFiles.aouna
BitDefenderTheta Gen:NN.ZexaF.34110.eGW@aaYSPrji
VIPRE Worm.Win32.Delfiles.a (v)
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Trojan.lt
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.7c65c668253a0750
Emsisoft Trojan.Generic.8206390 (B)
SentinelOne DFI – Suspicious PE
F-Prot W32/Blocker.AC
Endgame malicious (high confidence)
Webroot W32.Worm.Gen
Avira WORM/DelFiles.aouna
Antiy-AVL Trojan[Ransom]/Win32.Blocker.jgb
Microsoft Worm:Win32/Drolnux.A
Jiangmin Trojan/Blocker.tf
Arcabit Trojan.Generic.D7D3836
AegisLab Trojan.Win32.Blocker.tqB8
ZoneAlarm Trojan-Ransom.Win32.Blocker.jgb
AhnLab-V3 Trojan/Win32.Blocker.R46547
Acronis suspicious
McAfee GenericRXGZ-QC!7C65C668253A
MAX malware (ai score=85)
VBA32 BScope.TrojanRansom.Blocker
Malwarebytes Worm.Drolnux
Panda Trj/Genetic.gen
TrendMicro-HouseCall Ransom_Blocker.R002C0CE620
Rising Worm.Drolnux!1.9CC3 (CLOUD)
Yandex Trojan.Blocker!erJgybRQWdY
Ikarus Worm.Win32.Delfiles
MaxSecure Trojan-Ransom.Win32.Blocker.jgb
Fortinet W32/Agent.XXI!tr
AVG Win32:DelFiles-AE [Trj]
Qihoo-360 Win32/Trojan.Delfiles.A

How to remove Worm.Drolnux?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
