Worm:Win32/Moarider!pz removal tips

The Worm:Win32/Moarider!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Moarider!pz virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Worm:Win32/Moarider!pz?


File Info:
name: A2C990FD8A5C0024AB23.mlw
path: /opt/CAPEv2/storage/binaries/7b62a78a80cf451bba6bfc40a12fafd6cf08856c0b723edfe622b9f0e4b9c307
crc32: A70D79AC
md5: a2c990fd8a5c0024ab231cf7d9035869
sha1: 485881d85ed8d325ef51753c42a3bb8554236284
sha256: 7b62a78a80cf451bba6bfc40a12fafd6cf08856c0b723edfe622b9f0e4b9c307
sha512: bf4eca557ff7916d05eabb86b29368053659eb5ab64aa88255c4d638a8526d9132a267acc9ddf85401bea57a80a3f429cd4f4cfe2cdcfafb984cb73c1e931c24
ssdeep: 3072:e630thKdTAodJza64TRnltulOuQuT1XwQVXz5u01OGsLo3XEqfX:e0ZETpYzA2LsLc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F354F603B3EA945ED8B277B05EFAD355C637BD299233C21F3284195F5DA1A405E223B2
sha3_384: 931023dd55e127e60f5c0b8ead12b893255ceaa4deb3b650108b855475acafe03aa3c199247067db171f053ad658683c
ep_bytes: 60be001047008dbe0000f9ff57eb0b90
timestamp: 2012-01-29 21:32:28

Version Info:
FileDescription: 
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

Worm:Win32/Moarider!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Autoit.mBpQ
Cynet	Malicious (score: 100)
FireEye	Generic.mg.a2c990fd8a5c0024
McAfee	GenericRXAA-AA!A2C990FD8A5C
Cylance	unsafe
Zillya	Trojan.Hesv.Win32.5585
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 700000111 )
Alibaba	Trojan:Win32/Generic.04a4ae60
K7GW	Trojan ( 700000111 )
CrowdStrike	win/malicious_confidence_90% (D)
BitDefenderTheta	Gen:NN.ZexaF.36662.rm0@ay8iSDmi
Cyren	W32/S-79628cd6!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
APEX	Malicious
ClamAV	Win.Malware.Zusy-9956636-0
Kaspersky	UDS:Trojan.Win32.Hesv
BitDefender	Gen:Variant.Strictor.267438
MicroWorld-eScan	Gen:Variant.Strictor.267438
Avast	Win32:Malware-gen
Tencent	Trojan.Win32.Hesv.hc
Emsisoft	Gen:Variant.Strictor.267438 (B)
Baidu	Win32.Trojan.AutoIt.a
F-Secure	Heuristic.HEUR/AGEN.1363450
VIPRE	Gen:Variant.Strictor.267438
TrendMicro	TROJ_GEN.R002C0GFK23
McAfee-GW-Edition	BehavesLike.Win32.RealProtect.dt
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Autoit
GData	Win32.Trojan.PSE.1K78EN9
Jiangmin	Trojan.Hesv.dnb
Avira	HEUR/AGEN.1363450
Antiy-AVL	Trojan/Win32.TSGeneric
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Trojan.Strictor.D414AE
ZoneAlarm	UDS:Trojan.Win32.Hesv
Microsoft	Worm:Win32/Moarider!pz
Google	Detected
AhnLab-V3	Trojan/Win32.Genome.R51444
Acronis	suspicious
ALYac	Gen:Variant.Strictor.267438
MAX	malware (ai score=85)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0GFK23
Rising	Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.77674509.susgen
Fortinet	W32/ULPM.16C0!tr
AVG	Win32:Malware-gen
Cybereason	malicious.85ed8d
DeepInstinct	MALICIOUS

How to remove Worm:Win32/Moarider!pz?

Worm:Win32/Moarider!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X