How to remove “Worm:Win32/Lightmoon.H”?

Many security experts consider Worm:Win32/Lightmoon.H dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Lightmoon.H virus do?

  • Executable code extraction
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Worm:Win32/Lightmoon.H?


File Info:

crc32: 34A56B54
md5: 90faf4a09974f57672e674ed90770fea
name: 90FAF4A09974F57672E674ED90770FEA.mlw
sha1: 4247dee6c8333672902af40b2c49e515ea70bfc1
sha256: 54c7612880e5a4ae65481b730759163a8cc7516202e4b47484cdf9789a602716
sha512: a526bb3e75e85f0141cf6a572969d33c9da3ff8c094ff2828d01656af1677740ba4c06815a69eab9925c4b1ca0bc439274b15c2db9fb16fbea1d89138b11ee54
ssdeep: 24576:4hBZeB1DROB1DRABqB1DR1B1DRAB1DR7B1DR7B1DRDRURN+:4hHePQPuQPHPuPNPNP1A+
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Worm:Win32/Lightmoon.H also known as:

Elastic malicious (high confidence)
MicroWorld-eScan Generic.Malware.LMeV34g.80389457
FireEye Generic.mg.90faf4a09974f576
CAT-QuickHeal Trojan.VBCrypt.MF.8714
Qihoo-360 Win32/Worm.Lightmoon.HwsBCNoA
McAfee W32/MoonLight.worm.c
Cylance Unsafe
VIPRE Trojan.Win32.Generic.pak!cobra
Sangfor Malware
K7AntiVirus Trojan ( 005640b91 )
BitDefender Generic.Malware.LMeV34g.80389457
K7GW Trojan ( 005640b91 )
Cybereason malicious.09974f
Baidu Win32.Worm.VB.a
Cyren W32/VB-Backdoor-HRS-based!Maxim
Symantec W32.Lunalight@mm
TotalDefense Win32/Lightmoon.E
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Legacy.Trojan.Agent-1388589
Kaspersky Worm.Win32.VB.cz
Alibaba Worm:Win32/Lightmoon.5bd03a71
NANO-Antivirus Trojan.Win32.VB.btprr
ViRobot Worm.Win32.VB.56320.B
Rising Worm.Lightmoon!1.B58D (CLOUD)
Ad-Aware Generic.Malware.LMeV34g.80389457
Emsisoft Generic.Malware.LMeV34g.80389457 (B)
Comodo Worm.Win32.NoonLight.Q@3u33
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.DownLoader8.32753
Zillya Trojan.Genome.Win32.232818
TrendMicro WORM_MOONLIGHT.D
McAfee-GW-Edition BehavesLike.Win32.Sytro.tc
Sophos ML/PE-A + Mal/VB-F
Ikarus Virus.Alman
Jiangmin Backdoor/Agent.aons
Avira TR/Dropper.Gen
MAX malware (ai score=87)
Antiy-AVL Worm/Win32.VB.cz
Microsoft Worm:Win32/Lightmoon.H
Gridinsoft Trojan.Win32.Downloader.oa
Arcabit Generic.Malware.LMeV34g.80389457
SUPERAntiSpyware Trojan.Agent/Gen-Krotche
ZoneAlarm Worm.Win32.VB.cz
GData Generic.Malware.LMeV34g.80389457
Cynet Malicious (score: 90)
AhnLab-V3 HEUR/Fakon.mwf.X1381
BitDefenderTheta AI:Packer.ECBF81A21D
ALYac Generic.Malware.LMeV34g.80389457
VBA32 Trojan.VBRA.03577
Malwarebytes Sality.Virus.FileInfector.DDS
Panda W32/MoonLight.H.worm
ESET-NOD32 Win32/NoonLight.Q
TrendMicro-HouseCall WORM_MOONLIGHT.D
Tencent Trojan.Win32.FakeDoc.b
Yandex I-Worm.Lightmoon!BvHYSRysmCo
SentinelOne Static AI – Suspicious PE – Worm
eGambit Unsafe.AI_Score_99%
Fortinet W32/MoonLight!worm
AVG Win32:Trojan-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (D)

How to remove Worm:Win32/Lightmoon.H?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Published by
Paul Valéry
