Worm.Win32.Socks.au removal guide

Worm.Win32.Socks.au is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.Socks.au virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings

How to identify Worm.Win32.Socks.au?

File Info:

name: B9D672A5DFC3960CF15E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-03-30 15:20:09

Version Info:

0: [No Data]

Worm.Win32.Socks.au also known as:

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Crypt.EJ
FireEye: Generic.mg.b9d672a5dfc3960c
CAT-QuickHeal: Trojan.Toga.26581
ALYac: Trojan.Crypt.EJ
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Password-Stealer ( 000345c61 )
K7GW: Password-Stealer ( 000345c61 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.47861F551B
VirIT: Worm.Win32.Agent.I
Cyren: W32/Socks.B.gen!Eldorado
Symantec: W32.Mandaph
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Socks.NAJ
APEX: Malicious
ClamAV: Win.Worm.Socks-7102088-0
Kaspersky: Worm.Win32.Socks.au
BitDefender: Trojan.Crypt.EJ
NANO-Antivirus: Trojan.Win32.Socks.wsiw
Avast: Win32:Injecter-AT [Trj]
Tencent: Malware.Win32.Gencirc.10b077e2
Ad-Aware: Trojan.Crypt.EJ
Emsisoft: Trojan.Crypt.EJ (B)
Comodo: TrojWare.Win32.PSW.Agent.NHI@c49c
F-Secure: Worm.WORM/Socks.AU.166
DrWeb: Win32.HLLW.Socks
Zillya: Worm.Socks.Win32.13
TrendMicro: WORM_SOCKS.EA
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Sophos: ML/PE-A + W32/Socks-H
SentinelOne: Static AI – Malicious PE
GData: Trojan.Crypt.EJ
Jiangmin: Worm/Socks.t
Avira: WORM/Socks.AU.166
MAX: malware (ai score=85)
ZoneAlarm: Worm.Win32.Socks.au
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Socks.R2364
McAfee: generic!bg.eky
VBA32: SScope.Worm.Socks.afv
Malwarebytes: Generic.Worm.Autorun.DDS
TrendMicro-HouseCall: WORM_SOCKS.EA
Rising: Trojan.Generic@AI.99 (RDMK:cmRtazr/9qYz+N1tE1PVGlc6dLbf)
Yandex: Trojan.GenAsa!+24XGDb3mMA
Ikarus: Trojan-Downloader.Win32.Small
Fortinet: W32/Socks.HF!worm
AVG: Win32:Injecter-AT [Trj]
Cybereason: malicious.5dfc39
Panda: Trj/Genetic.gen

How to remove Worm.Win32.Socks.au?

Worm.Win32.Socks.au removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
