About “Worm:Win32/Dorkbot.AK” infection

Many security experts consider Worm:Win32/Dorkbot.AK dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Dorkbot.AK virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Worm:Win32/Dorkbot.AK?

File Info:

crc32: 5DA4E163
md5: fa36b29296f3704cdc67b6e24a4d8e21
name: FA36B29296F3704CDC67B6E24A4D8E21.mlw
sha1: e1445df4ff26147df68b8874c78873c1bbf01a97
sha256: f1d1c0bbc46168c5b90e37a09aa3c5f338bb4060177d75db457c8c40926fb2d2
sha512: 3156c66bb06266d08d53177528e47ccc048d759d1d9729ccbc56d0f453f219257f3cb99965ee329b8e8d51b626fd342f0372c296b57d51a375e7ddb249f6838e
ssdeep: 1536:Phu7eJxC/+nqLgSj+owc57+bJV5qlmwnG0GAjrrLLRmwFzlikKcQ:PhpG/+nqwV5JvqlmOjr7RT1
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Worm:Win32/Dorkbot.AK also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.3468
FireEye: Generic.mg.fa36b29296f3704c
McAfee: Ransom-ABD.gen.a
Cylance: Unsafe
VIPRE: Worm.Win32.Dorkbot.i (v)
AegisLab: Trojan.Win32.Yakes.4!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f1d41 )
BitDefender: Gen:Variant.Symmi.3468
K7GW: Trojan ( 0040f1d41 )
Cybereason: malicious.296f37
BitDefenderTheta: Gen:NN.ZexaF.34590.fGW@ayMZgEji
Symantec: Trojan.Ransomlock!g8
ESET-NOD32: Win32/Rodpicom.A
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Ransomware.Yakes-9825801-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Spamlink.bbsklf
Rising: Worm.Rodpicom!8.2510 (CLOUD)
Ad-Aware: Gen:Variant.Symmi.3468
Sophos: ML/PE-A + Troj/Ransom-LO
Comodo: Malware@#2zyenu13etgxr
F-Secure: Heuristic.HEUR/AGEN.1105744
DrWeb: Trojan.Spamlink.4
Zillya: Trojan.Yakes.Win32.7793
TrendMicro: TROJ_RANSOM.SMO7
McAfee-GW-Edition: BehavesLike.Win32.Generic.mh
Emsisoft: Gen:Variant.Symmi.3468 (B)
Ikarus: Trojan.Win32.Yakes
Jiangmin: Trojan/Yakes.hwc
Avira: HEUR/AGEN.1105744
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Worm:Win32/Dorkbot.AK
Arcabit: Trojan.Symmi.DD8C
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Symmi.3468
Cynet: Malicious (score: 100)
TotalDefense: Win32/Ransom.ATQ
VBA32: BScope.Malware-Cryptor.Oop
Malwarebytes: Ransom.FileCryptor
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_RANSOM.SMO7
Tencent: Win32.Trojan.Yakes.Eddm
Yandex: Worm.Rodpicom!z0ciBIMddW4
Fortinet: W32/Kryptik.4C06!tr
Webroot: Trojan.Dropper.Gen
AVG: Sf:Crypt-EX [Trj]
Avast: Sf:Crypt-EX [Trj]
CrowdStrike: win/malicious_confidence_60% (D)
Qihoo-360: Generic/Worm.63d

How to remove Worm:Win32/Dorkbot.AK?

Worm:Win32/Dorkbot.AK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
