
Should I remove “VHO:Backdoor.MSIL.NanoBot.berq”?


The VHO:Backdoor.MSIL.NanoBot.berq detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VHO:Backdoor.MSIL.NanoBot.berq virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
discoveryvipshinjiru2law.ooguy.com

How to identify VHO:Backdoor.MSIL.NanoBot.berq?


File Info:

crc32: 0EB6C437
md5: 2cb85b55294139663a838a37e27cdccc
name: 2CB85B55294139663A838A37E27CDCCC.mlw
sha1: e8b726f4fad8ea62d2e58e8f4f3d06fe56d0e39a
sha256: 76e24573c24f987db4d04d85b87b93606ad08e8d48f0e74403c391465dc566ed
sha512: 4b76e162df4bdaeb346bca256ab0542cb9c89534b4f396698af1e9a34aec328b671f594cbdf81f75a6a08427324ab2e3d3994f656abcf1f8fde7f10f7d7d1e58
ssdeep: 6144:9b/pzt/tTcwkAKs6/qiiIn6cYUwZWRAee4s/vx:9b/pR/towk3s6lRYURRleDx
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

0: [No Data]

VHO:Backdoor.MSIL.NanoBot.berq also known as:

Vendor               Detection name
Bkav                 W32.AIDetect.malware2
Elastic              malicious (high confidence)
Cylance              Unsafe
Sangfor              Trojan.Win32.Save.a
Cybereason           malicious.4fad8e
Symantec             ML.Attribute.HighConfidence
APEX                 Malicious
Cynet                Malicious (score: 100)
Kaspersky            VHO:Backdoor.MSIL.NanoBot.berq
Sophos               ML/PE-A
BitDefenderTheta     Gen:NN.ZexaF.34104.nuZ@a8clHJdi
McAfee-GW-Edition    BehavesLike.Win32.Generic.dc
FireEye              Generic.mg.2cb85b5529413966
SentinelOne          Static AI – Suspicious PE
Microsoft            Trojan:Win32/Wacatac.B!ml
McAfee               Artemis!2CB85B552941
VBA32                BScope.TrojanPSW.MSIL.Agensla
Malwarebytes         Spyware.AgentTesla
Rising               Trojan.Kryptik!1.D84E (CLASSIC)
Ikarus               Trojan.Agent

How to remove VHO:Backdoor.MSIL.NanoBot.berq?

VHO:Backdoor.MSIL.NanoBot.berq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
