Worm:Win32/Dorkbot information

Worm:Win32/Dorkbot is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm:Win32/Dorkbot virus do?

  • Executable code extraction
  • Unconventional language used in binary resources: Spanish (Modern)
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Worm:Win32/Dorkbot?


File Info:

crc32: 8571E94C
md5: 42e9efef843619686ce909a5548d6a53
name: 42E9EFEF843619686CE909A5548D6A53.mlw
sha1: 98d8a349260034da566c0693987ba5b3fe8ada13
sha256: 19e84cdf1e04713352444f9dbe4e46b9e6e084971756c7fc3ed00b3f18de399d
sha512: 72b8cf0daf342fa118641eb76d38be27101831271c8c575492e4a8d4c8af554eb7cca21122c5dd39a5cb960c11523cb76b2c16a79406f533e504bcb62082a4b8
ssdeep: 1536:unw/uvdsKjOIwlcC29LiTl2uYU1LUjBRsVxekrclz9GYUOg:uZdsKiICuU0sPrctUOg
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0c0a 0x04b0
InternalName: DomingDoming3
FileVersion: 23.22.0999
CompanyName: Domin
ProductName: Domin
ProductVersion: 23.22.0999
OriginalFilename: DomingDoming3.exe

Worm:Win32/Dorkbot is also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.Elzob.16686
FireEye: Generic.mg.42e9efef84361968
CAT-QuickHeal: Trojan.Agent
McAfee: PWS-Zbot.gen.att
Cylance: Unsafe
VIPRE: Trojan.Win32.Inject.ado (v)
AegisLab: Trojan.Win32.Agent.4!c
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Zusy.Elzob.16686
K7GW: Trojan ( 003b24f61 )
K7AntiVirus: Trojan ( 003b24f61 )
Cyren: W32/S-4d35fb51!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:VBCrypt-AXU [Trj]
ClamAV: Win.Malware.Dorkbot-7591897-0
Kaspersky: Trojan.Win32.Agent.ytwz
Alibaba: Trojan:Win32/VBInject.1a99a90e
NANO-Antivirus: Trojan.Win32.Poison.srpur
ViRobot: Trojan.Win32.A.Llac.99096.A
Rising: Worm.Dorkbot!8.1B4 (CLOUD)
Ad-Aware: Gen:Variant.Zusy.Elzob.16686
Sophos: Mal/Generic-R + Troj/Inject-ADO
Comodo: Malware@#2nqb7co1qhy6y
F-Secure: Trojan.TR/Dorkbot.163840.A
DrWeb: Trojan.VbCrypt.250
Zillya: Trojan.Llac.Win32.30154
TrendMicro: TROJ_SPNR.35EE13
McAfee-GW-Edition: PWS-Zbot.gen.att
Emsisoft: Gen:Variant.Zusy.Elzob.16686 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Llac.vuf
Webroot: W32.Bitcoinminer
Avira: TR/Dorkbot.163840.A
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Llac
Kingsoft: Win32.Troj.Llac.(kcloud)
Microsoft: Worm:Win32/Dorkbot
Arcabit: Trojan.Zusy.Elzob.D412E
SUPERAntiSpyware: Trojan.Agent/Gen-Kazy
ZoneAlarm: Trojan.Win32.Agent.ytwz
GData: Gen:Variant.Zusy.Elzob.16686
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Poison.R34142
BitDefenderTheta: Gen:NN.ZevbaF.34804.gm3@aaUN48S
ALYac: Gen:Variant.Zusy.Elzob.16686
VBA32: Trojan.Llac
Malwarebytes: Malware.AI.2255324351
Panda: Trj/Genetic.gen
Zoner: Worm.Win32.462
ESET-NOD32: a variant of Win32/Injector.TCN
TrendMicro-HouseCall: TROJ_SPNR.35EE13
Tencent: Malware.Win32.Gencirc.114cd823
Yandex: Trojan.GenAsa!8uljqojpFgs
Ikarus: Trojan.VB.Crypt
MaxSecure: Trojan.Malware.4242756.susgen
Fortinet: W32/Injector.AAPK!tr
AVG: Win32:VBCrypt-AXU [Trj]
Qihoo-360: Trojan.Generic

How to remove Worm:Win32/Dorkbot?

Worm:Win32/Dorkbot removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
