
Worm:Win32/Wofopey.A removal instruction


Worm:Win32/Wofopey.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Wofopey.A virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm:Win32/Wofopey.A?


File Info:

name: CFC9A412DDAEF343B647.mlw
path: /opt/CAPEv2/storage/binaries/ca26fecdd6a4c2d2a34f6659990cbf301960b161ba353e49d5856f92d0537ed6
crc32: 9C1B71F1
md5: cfc9a412ddaef343b6478b88eb4e2eaa
sha1: db217e018dca2d05c2cef5a82f7ff9e243e60450
sha256: ca26fecdd6a4c2d2a34f6659990cbf301960b161ba353e49d5856f92d0537ed6
sha512: c0b760b31be33e94914f8e37739de4ad5e8490de65f378ec366ab054288c15f243abc69d7e1abcdae874adce1cebd619e5c11479edd296f54a628eb55c7ca178
ssdeep: 6144:tXfxZiLQtdSfcsrPUgYWvHlybzGE1qclbHFrJXOihq90Y7H99z/vn:tXfzYUgYPfGE1dlrFgXx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1848D11BBC9D436E5A200328F92C779A6B6BD635F32428777D13B0EAE305C29D35B51
sha3_384: 65b659d2f5b99329ea5c849a11da1ef96bf5de796d79eb00713e8f16f2363632281c219e25996204f2ee9e0e5a046adc
ep_bytes: e8736a0000e917feffff3b0da0374500
timestamp: 1970-01-01 00:00:00

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Services and Controller app
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
InternalName: services.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: services.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
Translation: 0x0409 0x04b0

Worm:Win32/Wofopey.A also known as:

Lionic: Worm.Win32.AutoRun.lnZm
AVG: Win32:GenMaliciousA-TTC [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Bodegun.1
FireEye: Generic.mg.cfc9a412ddaef343
Skyhigh: BehavesLike.Win32.Sality.fh
McAfee: W32/Autorun.worm.aaci
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Heur.Bodegun.1
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 001b9b0e1 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: EmailWorm ( 001b9b0e1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.36802.yq0@aGty1Upi
VirIT: Trojan.Win32.Agent.OLP
Symantec: W32.SillyDC
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.AEZ
Cynet: Malicious (score: 99)
ClamAV: Win.Trojan.Clicker-4047
Kaspersky: Trojan.Win32.Fsysna.dilg
BitDefender: Gen:Heur.Bodegun.1
NANO-Antivirus: Trojan.Win32.AutoRun.buecr
Avast: Win32:GenMaliciousA-TTC [Trj]
Tencent: Malware.Win32.Gencirc.10bf3d14
TACHYON: Worm/W32.AutoRun.401408
Emsisoft: Gen:Heur.Bodegun.1 (B)
Baidu: Win32.Worm.AutoRun.ek
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Win32.HLLW.Autoruner.57463
Zillya: Trojan.Agent.Win32.109769
TrendMicro: WORM_OTORUN.SMJA
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-Clicker.Win32.Agent
Jiangmin: TrojanClicker.Agent.dbf
Webroot: W32.Malware.Gen
Varist: W32/Worm.PEBZ-4739
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Worm/Win32.AutoRun
Kingsoft: malware.kb.a.999
Microsoft: Worm:Win32/Wofopey.A
Xcitium: Suspicious@#1byfqga7vq0me
Arcabit: Trojan.Bodegun.1
ViRobot: Worm.Win32.A.AutoRun.329559
ZoneAlarm: Trojan.Win32.Fsysna.dilg
GData: Gen:Heur.Bodegun.1
Google: Detected
AhnLab-V3: Worm/Win32.AutoRun.R1864
VBA32: Trojan-Dropper.Serv.21221
MAX: malware (ai score=100)
Cylance: unsafe
Panda: W32/Autorun.KBE
TrendMicro-HouseCall: WORM_OTORUN.SMJA
Rising: Worm.Wofopey!1.A1FF (CLASSIC)
Yandex: Trojan.GenAsa!6m2p85ZXmns
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.1489621.susgen
Fortinet: W32/ClickerAgent.OLP!tr
Cybereason: malicious.2ddaef
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/AutoRun.AEZ

How to remove Worm:Win32/Wofopey.A?

Worm:Win32/Wofopey.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
