DDoS:Win32/Dofoil.A

DDoS:Win32/Dofoil.A Description

DDoS:Win32/Dofoil.A is a Trojan that enters the affected machine surreptitiously and can destroy the system. DDoS:Win32/Dofoil.A propagates via spam emails supposedly sent by the American Airlines. The unsolicited email contains a malicious .zip file attachment which is found as DDoS:Win32/Dofoil.A. If a PC user opens an infected attachment file, his/her computer is corrupted by DDoS:Win32/Dofoil.A. DDoS:Win32/Dofoil.A can will slow your PC and block you from accessing registry Editor Task Manager. DDoS:Win32/Dofoil.A is managed through remote servers and is able to execute DDoS (distributed denial of service) attacks, used to deliver the Trojan to other PCs. DDoS:Win32/Dofoil.A can eliminate your privileges to control computer system's processes via Registry Editor and Task Manager programs. DDoS:Win32/Dofoil.A can also distribute and erase products in your Registry, record data, change file protection system's services, connect to the Internet, use your email accounts to spread the Trojan, and divert your search results to doubtful websites. Uninstall DDoS:Win32/Dofoil.A by using a genuine security application.

Aliases: Dropper.Generic6.CCOG [AVG], W32/Agent2.MHO!tr [Fortinet], Win32.Carberp [Ikarus], a variant of Win32/Injector.XHH, Trojan/Win32.Yakes [AhnLab-V3], Trojan.Win32.A.Agent.71168.L, Generic.dx!bg3l [McAfee-GW-Edition], DDoS/Dofoil.A.88 [AntiVir], Gen:Variant.Graftor.45038 [BitDefender], Trojan.Win32.Agent2.mho [Kaspersky], Win32:Carberp-AJG [Trj] [Avast], TROJ_GEN.F47V1008, W32/Injector.BMHF, Generic Downloader.rm [McAfee] and Trj/Genetic.gen [Panda].

Technical Information

File System Details

DDoS:Win32/Dofoil.A creates the following file(s):
# File Name Size MD5 Detection Count
1 %USERPROFILE%\Documenti\Downloads\Office.2010.RTM.PreAttivato.ITA.x32- x64. - ATTIVAZION\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe 1,057,280 797429180c8c307b2a5d5ecf7ac77c8b 1,807
2 %LOCALAPPDATA%NetMailTmp.bin 1,064 e92c85d796bfa7ce3b27e84502000636 332
3 D:\Program Files\WirelessNetView 1.38\WirelessNetView.exe 40,960 89fc7fe878a249ae7da46a8fb5b06f3e 118
4 %APPDATA%\E6CB3B\E6CB3B.exe 73,728 34ac32def45a1243c0ea3572925dd88d 40
5 %PROGRAMFILES%\Bilsa\Nobetci\Nobetci.exe 77,824 2c55eb634bc636ddb88f876220213522 20
6 %SystemDrive%\totalcmd\TOTALCMD.EXE 2,857,086 2d07d3a4f414868cb0c033f1d2f307d8 12
7 %APPDATA%\6BE020\6BE020.exe 49,664 91a6ee86c66b34e407037a82524a2339 10
8 %TEMP%\Rar$EX46.552\eCalendar 6.5\eCalendar.exe 1,583,616 7b8958fab7ffb6e7cf21d34b4fc066c4 7
9 %SystemDrive%\Users\Ant??nio Mendes\Application Data\503186.exe 46,592 f6e4a643c97ab2256d84780167525085 6
10 %USERPROFILE%\Application Data\AA3DA6.exe 45,568 e453ab194c8c4ea3ca1ac39ecf93516a 4
11 %PROGRAMFILES(x86)%\WinApps\msmsgs.exe 167,936 03f8efe9796bb03ec9ed971d56d4397f 3
12 %USERPROFILE%\Application Data\E602DF.exe 35,328 1e44263928bfb9ede59584079011eac1 2
13 %APPDATA%9A9D63.exe 47,616 a683f6f5473765de4fd6a0dc2ad01499 2
14 %TEMP%dhdaehe 400,896 f12c7d55c9304311b3e06a4dae577ffc 2
15 %APPDATA%\61B329\61B329.exe 43,520 2fb4c2855aac21f8ae59a1d5498c47e1 2
16 %TEMP%oskb.exe 61,387 febfc8c59f384003780d67d88403f3cb 1
17 %USERPROFILE%\Application Data\16F747.exe 45,568 6daf575428118663fc7d90219067c864 1
18 %USERPROFILE%\Application Data\90434F.exe 47,104 e61aa54f4544a401ddc9f6dd468fe237 1
19 %SystemDrive%\Documents and Settings\Chief\Application Data\9CB732.exe 46,080 d06af556a1dabee547b6642aa1d049f9 1
20 %SystemDrive%\Documents and Settings\garciaju\Application Data\2EC795.exe 34,816 e9a4bf03daa1254d8bc05c4170d4c926 1
21 %APPDATA%d05b45.exe 81,920 70b74a45213849c63c93bb361cb8948b 1
22 %SystemDrive%\Documents and Settings\hrad.e_aldosuky\Application Data\E3BB7F.exe 197,120 e0d7bd6e8b2e678d25b69b1469ca2bdb 1
23 503186.exe N/A
24 AA3DA6.exe N/A
25 smss.exe N/A
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.