Backdoor.Agent.RDP removal guide

Backdoor.Agent.RDP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Backdoor.Agent.RDP virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Backdoor.Agent.RDP?

File Info:

name: FAE2A60811BD10FD137F.mlw
path: /opt/CAPEv2/storage/binaries/e6c357c2c7c70b4630dbdcd86df2d98ed28cbd47a9efcbf727fe0fdbc5d5fefa
crc32: 8853077B
md5: fae2a60811bd10fd137f16c183ee1bc5
sha1: a119e25fbe0e1419931d0c07ec37c9c7e0631679
sha256: e6c357c2c7c70b4630dbdcd86df2d98ed28cbd47a9efcbf727fe0fdbc5d5fefa
sha512: 89b4a331b7170da8f3dad46cbd524c78a30d0edda0985b0a5cf009cae3a657121aa39445b578177caa2f81d1fab5476cfc21c828b2dcc9b104a12745a3cd7c11
ssdeep: 3072:mNgfZyOtwzopHeNXOYP0jfuMDUpt90vGJFgAA9DujUeCjpfdtzZ3vhTH1SC:mKxtwzoKOY8jfQgm1ABum9/J1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11E847B12B6A1CC72DA5680324EE9DBFEB6A5FD54CE1189C373D4BF2FAD314814626312
sha3_384: 7e9c2805fba6fdfd1314eb977ead92741fea0d8f2b5068435bfa1c93231016f9ead418be4fceaa3cdf09108172117d38
ep_bytes: 558bec6aff68d01b4300689c14410064
timestamp: 2022-01-12 15:44:53

Version Info:

CompanyName:
FileDescription: Program Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: Program
LegalCopyright: 版权所有 (C) 2007
LegalTrademarks:
OriginalFilename: Program.EXE
ProductName: Program 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Backdoor.Agent.RDP also known as:

  • Bkav: W32.AIDetect.malware2
  • DrWeb: BackDoor.Siggen2.3666
  • MicroWorld-eScan: Trojan.GenericKD.38570082
  • FireEye: Generic.mg.fae2a60811bd10fd
  • ALYac: Trojan.GenericKD.38570082
  • Cylance: Unsafe
  • Zillya: Trojan.GenKryptik.Win32.128532
  • Sangfor: Backdoor.Win32.Lotok.gen
  • K7AntiVirus: Trojan ( 0058d2201 )
  • Alibaba: Backdoor:Win32/Lotok.a39bef20
  • K7GW: Trojan ( 0058d2201 )
  • Cyren: W32/Trojan.FTPP-6636
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/GenKryptik.FPUE
  • TrendMicro-HouseCall: TROJ_FRS.0NA103AI22
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Gh0stRAT-7459730-1
  • Kaspersky: HEUR:Backdoor.Win32.Lotok.gen
  • BitDefender: Trojan.GenericKD.38570082
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.11e41cc1
  • Ad-Aware: Trojan.GenericKD.38570082
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#1qzus7820jwqq
  • TrendMicro: TROJ_FRS.0NA103AI22
  • McAfee-GW-Edition: RDN/GenericAC
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Trojan.GenericKD.38570082 (B)
  • Ikarus: Trojan.Win32.Krypt
  • GData: Trojan.GenericKD.38570082
  • Jiangmin: Backdoor.Lotok.aif
  • Webroot: W32.Trojan.Dropper
  • Avira: HEUR/AGEN.1227939
  • Antiy-AVL: Trojan/Generic.ASMalwS.350D274
  • Kingsoft: Win32.Hack.Undef.(kcloud)
  • Gridinsoft: Trojan.Win32.Downloader.sa
  • Arcabit: Trojan.Generic.D24C8862
  • ViRobot: Trojan.Win32.Z.Agent.389120.ALC
  • ZoneAlarm: HEUR:Backdoor.Win32.Lotok.gen
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win.Generic.C4921029
  • McAfee: RDN/GenericAC
  • VBA32: Backdoor.Lotok
  • Malwarebytes: Backdoor.Agent.RDP
  • APEX: Malicious
  • Rising: Trojan.Kryptik!1.CC61 (CLOUD)
  • MAX: malware (ai score=83)
  • Fortinet: W32/Kryptik.HFPG!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)
  • MaxSecure: Trojan.Malware.102820574.susgen

How to remove Backdoor.Agent.RDP?

Backdoor.Agent.RDP removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.