Worm:Win32/Occamy.C removal guide

The Worm:Win32/Occamy.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm:Win32/Occamy.C virus can do?

Executable code extraction
A process attempted to delay the analysis task.
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Looks up the external IP address
Queries information on disks, possibly for anti-virtualization
Network activity contains more than one unique useragent.
Collects information about installed applications
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Generates some ICMP traffic
Anomalous binary characteristics

Related domains:

www.360.cn

icanhazip.com

How to determine Worm:Win32/Occamy.C?


File Info:
crc32: D7F15D8E
md5: a2e7c257a8903b9bb1d6eaf33433053e
name: A2E7C257A8903B9BB1D6EAF33433053E.mlw
sha1: f85d97533572fbd67dbaa03829f591e57aa54e45
sha256: 206641f6dff3e83b2d718714bf0db6527f5fef07a7371c90ce75d041cd583b6b
sha512: a8082817c98534c84c5f88b5efcb83fb6adbc5ab64261f96f4d0fac3fb34e3f31bed566dce7fd2b3ca277ed74becdb9439ed41329f3730b99f945dafd279d7d9
ssdeep: 6144:BXnkSBrFxSstNi6oNrtX64Quw3RfvSHLOsUz:JnkS5F0stNi6oNrtX/QuwhfvSH5Uz
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2018
InternalName: RunResDll
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: RunResDll x5e94x7528x7a0bx5e8f
ProductVersion: 1, 0, 0, 1
FileDescription: RunResDll Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8f
OriginalFilename: RunResDll.EXE
Translation: 0x0804 0x04b0

Worm:Win32/Occamy.C also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0054e0a31 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader26.47433
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	Trojan.Agent.DQRK
Cylance	Unsafe
Zillya	Trojan.Dostre.Win32.430
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Dostre.810790ec
K7GW	Trojan ( 0054e0a31 )
Cybereason	malicious.7a8903
Cyren	W32/Zusy.CW.gen!Eldorado
ESET-NOD32	a variant of Win32/Kryptik.GHFL
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Dostre.a
BitDefender	Trojan.Agent.DQRK
NANO-Antivirus	Trojan.Win32.Dostre.fhsayi
MicroWorld-eScan	Trojan.Agent.DQRK
Tencent	Trojan.Win32.Kryptik.ghfl
Ad-Aware	Trojan.Agent.DQRK
Sophos	Mal/Generic-S + Troj/AutoG-BP
Comodo	Worm.Win32.Prux.A@4q442u
BitDefenderTheta	Gen:NN.ZexaF.34294.yq0@aWsCcopb
McAfee-GW-Edition	Trojan-FPZA!A2E7C257A890
FireEye	Generic.mg.a2e7c257a8903b9b
Emsisoft	Trojan.Agent.DQRK (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Dostre.a
Avira	HEUR/AGEN.1111322
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.2635D22
Microsoft	Worm:Win32/Occamy.C
GData	Trojan.Agent.DQRK
TACHYON	Trojan/W32.Dostre.393216
AhnLab-V3	Trojan/Win.Generic.R419093
Acronis	suspicious
McAfee	Trojan-FPZA!A2E7C257A890
MAX	malware (ai score=100)
VBA32	Trojan.Downloader
Malwarebytes	Malware.AI.2732574764
Panda	Trj/CI.A
Rising	Trojan.Generic@ML.95 (RDML:lbvBNBmJxjLGuPr3AV28ag)
Yandex	Trojan.GenAsa!XtxkU6qUQsg
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Dostre.a
Fortinet	W32/Kryptik.GHFL!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml

How to remove Worm:Win32/Occamy.C?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Worm:Win32/Occamy.C removal guide