Worm.Prolaco removal guide

Worm.Prolaco is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm.Prolaco virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to identify installed AV products by installation directory
  • Attempts to identify installed AV products by registry key
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Harvests information related to installed mail clients
  • Attempts to modify or disable Security Center warnings

How to identify Worm.Prolaco?

File Info:

crc32: 7DF4F9B9
md5: 5b41a093e74a3a88996c965676c1fed0
name: 5B41A093E74A3A88996C965676C1FED0.mlw
sha1: 8e77ed2590584bd200423ed4695c2ae100070a1f
sha256: 7a127473040a724504685cf85256622528e4acfa7ffbbfa1bb315e918fca81ae
sha512: 32052e69aed3afc7e33339aed897e77bc46e3ea1570720186840b4c1e708f29bbd975d53b2a1df5932a314b4fb19e97c35b96c0e990cc30c136c414508992d5a
ssdeep: 12288:IJjr582Uza0ewFLWCR7ZsLxH8cS81VCC0kODYdp/PfiON9p62v3zGF80LTZSmUvo:I1avFS/j1VrOcGOYe3zGF3XpTzdd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C)Microsoft Corporation. All rights reserved.
InternalName: Wextract
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.5512
FileDescription: Win32 Cabinet Self-Extractor
OriginalFilename: WEXTRACT.EXE
Translation: 0x0412 0x04b0

Worm.Prolaco also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zard.10
FireEye: Generic.mg.5b41a093e74a3a88
ALYac: Gen:Heur.Mint.Zard.10
Cylance: Unsafe
VIPRE: Worm.Win32.Prolaco (v)
AegisLab: Trojan.Win32.Blocker.4!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3991 )
BitDefender: Gen:Heur.Mint.Zard.10
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.3e74a3
BitDefenderTheta: AI:Packer.2B05A29E1F
Cyren: W32/Risk.BZVO-5878
Symantec: W32.Ackantta@mm
ESET-NOD32: a variant of Win32/Merond.AC
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Zard-6950572-0
Kaspersky: Trojan-Ransom.Win32.Blocker.fqge
Alibaba: Worm:Win32/Blocker.f7ad836f
NANO-Antivirus: Trojan.Win32.Typic.btwih
Rising: Ransom.Blocker!8.12A (CLOUD)
Ad-Aware: Gen:Heur.Mint.Zard.10
Emsisoft: Gen:Heur.Mint.Zard.10 (B)
Comodo: Malware@#9x0b435apr0q
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Win32.HLLW.Autoruner.47592
TrendMicro: WORM_PROLACO.SMA
McAfee-GW-Edition: BehavesLike.Win32.IRCBot.dc
Sophos: ML/PE-A
Ikarus: P2P-Worm.Win32.BlackControl
MaxSecure: Virus.W32.Cabres.a
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Worm/Win32.Qvod
Microsoft: Trojan:Win32/Detplock
Arcabit: Trojan.Mint.Zard.10
ZoneAlarm: Trojan-Ransom.Win32.Blocker.fqge
GData: Win32.Trojan.Prolaco.A
Cynet: Malicious (score: 85)
TotalDefense: Win32/Fruspam!cab
McAfee: Artemis!5B41A093E74A
TACHYON: Backdoor/W32.Hupigon.924672.W
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Worm.Prolaco
Panda: Trj/CI.A
TrendMicro-HouseCall: WORM_PROLACO.SMA
Tencent: Win32.Trojan.Blocker.Swkv
Yandex: Trojan.GenAsa!VCW6ua3WfJ8
SentinelOne: Static AI - Suspicious SFX
eGambit: Unsafe.AI_Score_70%
Fortinet: W32/Merond.O!worm
Webroot: W32.Injector.Gen
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_60% (D)
Qihoo-360: HEUR/QVM06.2.DD35.Malware.Gen

How to remove Worm.Prolaco?

Worm.Prolaco removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.