About “Worm:Win32/Mofksys!pz” infection

The Worm:Win32/Mofksys!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Mofksys!pz virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Worm:Win32/Mofksys!pz?


File Info:
name: 86708763785C9130DD0E.mlw
path: /opt/CAPEv2/storage/binaries/5e1228f9bc42192994ea4161005cb4d2491c8c46b17902818ef3144e75fb948d
crc32: BFC8E7D0
md5: 86708763785c9130dd0e10be920919bf
sha1: f2ce5d6805863e0a0572e5efe37c0de7bddcb288
sha256: 5e1228f9bc42192994ea4161005cb4d2491c8c46b17902818ef3144e75fb948d
sha512: f173ade6c2556593aab4db2a180021283c872100be595a9e83aef57758007f8290d8d7aa7b735a3cc536fda19dee43d9bc80894ee514054fc385ba4c5a727ea6
ssdeep: 49152:tZBuZrEUBec9wcjiC7cPfCeClqz5Rn5fty:hkLj5i/PKzlwR5fty
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE85CF3BB268753FC56E4B3205B3C320A93B7E616A1A8C1F53F0650CCF764612E7A656
sha3_384: 4a8c3b5a6bc194c4dd1489653c99d6820a3b418b876fb0e2cefe2072c54b619d0f070a07b6fe2e0806cb34e51dff22ad
ep_bytes: 68dc3a4000e8eeffffff000048000000
timestamp: 2013-04-01 07:08:22

Version Info:
Translation: 0x0409 0x04b0
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: TJprojMain
OriginalFilename: TJprojMain.exe

Worm:Win32/Mofksys!pz also known as:

Bkav	W32.WatermarkHQc.PE
Elastic	malicious (high confidence)
DrWeb	Win32.HLLP.Swisyn
MicroWorld-eScan	Win32.Gosys.B
CAT-QuickHeal	W32.Mofksys.A4
Skyhigh	BehavesLike.Win32.Swisyn.tc
McAfee	W32/Swisyn.b
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Win32.Gosys.B
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Virus ( 00579e181 )
K7GW	Trojan ( 0058e74a1 )
CrowdStrike	win/malicious_confidence_100% (D)
Arcabit	Win32.Gosys.B
BitDefenderTheta	AI:Packer.9945744120
VirIT	Trojan.Win32.Agent4.ALYU
Symantec	W32.Gosys
tehtris	Generic.Malware
ESET-NOD32	Win32/VB.NBI
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.VBGeneric-6735875-0
Kaspersky	Virus.Win32.VB.mz
BitDefender	Win32.Gosys.B
NANO-Antivirus	Trojan.Win32.Swisyn.flhacn
Avast	Win32:VB-OJQ [Wrm]
Tencent	Worm.Win32.Wbna.wf
Emsisoft	Win32.Gosys.B (B)
F-Secure	Trojan.TR/Patched.Ren.Gen
Baidu	Win32.Worm.VB.b
Zillya	Virus.HLLP.Win32.1
TrendMicro	PE_SWISB.A
Sophos	Troj/Agent-ABZF
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Agent.hxgb
Webroot	W32.Malware.Gen
Varist	W32/Trojan.UEJO-9077
Avira	TR/Patched.Ren.Gen
MAX	malware (ai score=87)
Antiy-AVL	Trojan/Win32.Agent
Kingsoft	malware.kb.a.998
Xcitium	TrojWare.Win32.VB.QOTY@4qfd0g
Microsoft	Worm:Win32/Mofksys!pz
ZoneAlarm	Virus.Win32.VB.mz
GData	Win32.Trojan.PSE1.1NLNP9O
Google	Detected
AhnLab-V3	Worm/Win32.Mofksys.R198176
Acronis	suspicious
TACHYON	Worm/W32.VB-Mofksys.Zen
Cylance	unsafe
Panda	Trj/Spy.AT
Zoner	Trojan.Win32.88925
TrendMicro-HouseCall	PE_SWISB.A
Rising	Trojan.Agent!1.6A70 (CLASSIC)
Yandex	Trojan.GenAsa!182yZo+3+DM
Ikarus	Worm.Mofksys
MaxSecure	Virus.W32.Agent.xjgj
Fortinet	W32/VB.QCC!tr.dldr
AVG	Win32:VB-OJQ [Wrm]
Cybereason	malicious.805863
DeepInstinct	MALICIOUS

How to remove Worm:Win32/Mofksys!pz?

Worm:Win32/Mofksys!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X