Worm:Win32/Sfone removal tips

The Worm:Win32/Sfone is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm:Win32/Sfone virus can do?

Executable code extraction
At least one process apparently crashed during execution
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

www.bing.com

crl3.digicert.com

ocsp.digicert.com

How to determine Worm:Win32/Sfone?


File Info:
crc32: BC2DFCF0
md5: a08b33314cebf70fe2643017b7bb6409
name: A08B33314CEBF70FE2643017B7BB6409.mlw
sha1: 8a5df9c9e8d9f983929eec23a7f8e8adf365422e
sha256: 44e20f5855724b26d41e788abd3e4a2212ae485ad7f5bef446ba1114dbfb6564
sha512: 8d77ba5d8b68c9d566cacbeafadbbf57ac3ea143215cde946a0589e4690abaece0c864346df739846ebd23723db162ea523d65afe009e407af4b3b74ba304c25
ssdeep: 6144:CjluQoSIIo5R1Nl090To7oDvY1EBCrML+FlHxMP7S+FhuD:CEQoSs5Ni90TNdCrM4HuznzM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Worm:Win32/Sfone also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.70387
FireEye	Generic.mg.a08b33314cebf70f
McAfee	GenericRXKN-BX!A08B33314CEB
Cylance	Unsafe
VIPRE	Worm.Win32.Agent.cp (v)
Sangfor	Malware
K7AntiVirus	Trojan ( 0051918e1 )
BitDefender	Trojan.GenericKDZ.70387
K7GW	Trojan ( 0051918e1 )
Cybereason	malicious.14cebf
Invincea	ML/PE-A + Troj/Agent-BFWE
BitDefenderTheta	AI:Packer.19C454781E
Cyren	W32/Agent.BTR.gen!Eldorado
Symantec	W32.SillyWNSE
APEX	Malicious
Avast	Win32:WormX-gen [Wrm]
ClamAV	Win.Worm.SillyWNSE-7784290-0
Kaspersky	Worm.Win32.Agent.cp
NANO-Antivirus	Trojan.Win32.Wofith.hzygna
Tencent	Malware.Win32.Gencirc.10ba4358
Ad-Aware	Trojan.GenericKDZ.70387
Sophos	Troj/Agent-BFWE
Comodo	Worm.Win32.Agent.CP@42tt
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.MulDrop15.57947
Zillya	Worm.Agent.Win32.52973
TrendMicro	Worm.Win32.SFONE.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Emsisoft	Trojan.GenericKDZ.70387 (B)
Ikarus	Worm.Win32.Agent
Jiangmin	Worm.Agent.ws
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen
Antiy-AVL	Worm/Win32.Agent.cp
Microsoft	Worm:Win32/Sfone
Gridinsoft	Trojan.Heur!.030120A9
Arcabit	Trojan.Generic.D112F3
ZoneAlarm	Worm.Win32.Agent.cp
GData	Trojan.GenericKDZ.70387
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Agent.R336858
Acronis	suspicious
VBA32	Worm.Agent
ALYac	Trojan.GenericKDZ.70387
MAX	malware (ai score=89)
Malwarebytes	Trojan.Agent.Generic
Panda	Generic Suspicious
ESET-NOD32	a variant of Win32/Agent.CP
TrendMicro-HouseCall	Worm.Win32.SFONE.SM
Rising	Worm.Agent!1.BDD2 (TFE:1:EV1tbXRZcAI)
Yandex	Worm.Agent!LBOC44jF1A4
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Agent.6C6A!tr
AVG	Win32:WormX-gen [Wrm]
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM18.1.1DFB.Malware.Gen

How to remove Worm:Win32/Sfone?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Worm:Win32/Sfone removal tips