The Backdoor.AveMaria file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
What Backdoor.AveMaria virus can do?
- Executable code extraction
- Injection (inter-process)
- Injection (Process Hollowing)
- Injection with CreateRemoteThread in a remote process
- Creates RWX memory
- A process attempted to delay the analysis task.
- A process created a hidden window
- The binary likely contains encrypted or compressed data.
- Uses Windows utilities for basic functionality
- Executed a process and injected code into it, probably while unpacking
- Attempts to restart the guest VM
- Steals private information from local Internet browsers
- Creates a hidden or system file
- Checks the CPU name from registry, possibly for anti-virtualization
- Creates a copy of itself
- Collects information to fingerprint the system
How to determine Backdoor.AveMaria?
General:
Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Unsafe
File Info:
Name: gmb.exe
Size: 645632
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 81366e1a478dcc00088b443d70fda4ec
SHA1: 4feb20208769da51cafe4816a09e5bad0362773d
SH256: f1b7ac50d2a996c776a11b44647c48138bfc56aec29f2637f198134e1ae3831e
Version Info:
[No Data]
Backdoor.AveMaria also known as:
| ALYac | Spyware.AgentTesla |
| APEX | Malicious |
| AVG | Win32:RATX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.32700362 |
| AegisLab | Trojan.MSIL.Agensla.i!c |
| AhnLab-V3 | Trojan/Win32.Pwstealer.R294918 |
| Alibaba | Trojan:Win32/starter.ali1000139 |
| Antiy-AVL | Trojan[PSW]/MSIL.Agensla |
| Arcabit | Trojan.Generic.D1F2F7CA |
| Avast | Win32:RATX-gen [Trj] |
| Avira | TR/Kryptik.lwymo |
| BitDefender | Trojan.GenericKD.32700362 |
| BitDefenderTheta | Gen:NN.ZemsilF.32245.Nm0@amrmVAd |
| CAT-QuickHeal | Trojanpws.Msil |
| ClamAV | Win.Packed.Agensla-7343119-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.08769d |
| Cylance | Unsafe |
| Cyren | W32/MSIL_Kryptik.UY.gen!Eldorado |
| DrWeb | Trojan.PWS.Siggen2.34582 |
| ESET-NOD32 | a variant of MSIL/Kryptik.TGK |
| Emsisoft | Gen:Variant.Ser.MSILPerseus.4205 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Trojan.TR/Kryptik.lwymo |
| FireEye | Generic.mg.81366e1a478dcc00 |
| Fortinet | MSIL/Kryptik.THA!tr |
| GData | Trojan.GenericKD.32700362 |
| Ikarus | Trojan.Inject |
| Invincea | heuristic |
| Jiangmin | Trojan.PSW.MSIL.kjz |
| K7AntiVirus | Trojan ( 00559aeb1 ) |
| K7GW | Trojan ( 00559aeb1 ) |
| Kaspersky | HEUR:Trojan-PSW.MSIL.Agensla.gen |
| MAX | malware (ai score=81) |
| Malwarebytes | Backdoor.AveMaria |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | GenericRXIV-WA!81366E1A478D |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.jc |
| MicroWorld-eScan | Trojan.GenericKD.32700362 |
| Microsoft | Trojan:MSIL/NanoBot.DH!MTB |
| Paloalto | generic.ml |
| Panda | Trj/GdSda.A |
| Qihoo-360 | Win32/Trojan.PSW.374 |
| Rising | Trojan.NanoBot!8.80F2 (TFE:C:6GVyOEu2riH) |
| SentinelOne | DFI – Suspicious PE |
| Sophos | Mal/Generic-S |
| Symantec | Trojan.Gen.MBT |
| TrendMicro | Backdoor.MSIL.BLADABINDI.THJAGAI |
| TrendMicro-HouseCall | Backdoor.MSIL.BLADABINDI.THJAGAI |
| ViRobot | Trojan.Win32.Z.Kryptik.645632.T |
| Webroot | W32.Malware.gen |
| Yandex | Trojan.Kryptik!TL8wOlIuBBA |
| Zillya | Trojan.Kryptik.Win32.1791218 |
| ZoneAlarm | HEUR:Trojan-PSW.MSIL.Agensla.gen |
| Zoner | Trojan.Win32.82779 |
How to remove Backdoor.AveMaria?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment