Categories: Backdoor

Backdoor.BetaBot removal instruction

The Backdoor.BetaBot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.BetaBot virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Unconventionial language used in binary resources: Russian
Executed a process and injected code into it, probably while unpacking
Detects Bitdefender Antivirus through the presence of a library
Detects the presence of Wine emulator via function name
Enumerates services, possibly for anti-virtualization
Deletes its original binary from disk
Attempts to remove evidence of file being downloaded from the Internet
Tries to unhook or modify Windows functions monitored by Cuckoo
Exhibits behavior characteristics of BetaBot / Neurevt malware
Creates a hidden or system file
Attempts to identify installed analysis tools by a known file location
Attempts to identify installed AV products by registry key
Checks the version of Bios, possibly for anti-virtualization
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a device
Detects VirtualBox through the presence of a file
Detects VMware through the presence of a device
Detects VMware through the presence of a file
Detects VMware through the presence of a registry key
Attempts to modify browser security settings
Operates on local firewall’s policies and settings
Creates a copy of itself
Attempts to disable browser security warnings
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

russk16.icu

How to determine Backdoor.BetaBot?


File Info:
crc32: A65CA3C6md5: 460f3bb7b35471a3fbc3dbd29080fa90name: file.exesha1: 693dd4268ad3120534f813e556b914c9c610fbf7sha256: d3d7ba21476c51772c40f0d229ea062dac475dbebd76703f5d50abccc4f80a0asha512: 94581c1a59e291d24a685ca224a070ab72bd3847accce6f40e2e6811caadffb532b034797417e75695b123e90978d504770885b2b241a713b7cf12747a14be38ssdeep: 6144:uQThURsRMtaPwQpJ6A95bweMIfH+wAKrZwBvPgkLQ1Dp:uQThksRMk/pJ6y0IfH+wAE2Kk4ptype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor.BetaBot also known as:

Bkav	W32.AIDetectVM.malware1
MicroWorld-eScan	Trojan.GenericKD.43570219
FireEye	Generic.mg.460f3bb7b35471a3
McAfee	RDN/Generic.dx
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
BitDefender	Trojan.GenericKD.43570219
K7GW	Trojan ( 0056bb371 )
Cybereason	malicious.68ad31
TrendMicro	TROJ_FSYSNA.SMA
BitDefenderTheta	Gen:NN.ZexaF.34144.qqZ@a48qzjbc
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Neurevt.I
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Ransomware.Cerber-5970127-0
GData	Trojan.GenericKD.43570219
Kaspersky	Trojan.Win32.Neurevt.afnv
Alibaba	Trojan:Win32/Neurevt.dd04e6fe
Rising	Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware	Trojan.GenericKD.43570219
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/AD.BetaBot.ruyvq
DrWeb	Trojan.Siggen9.64462
Invincea	heuristic
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.43570219 (B)
Ikarus	Trojan.Win32.Krypt
Avira	TR/AD.BetaBot.ruyvq
MAX	malware (ai score=81)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D298D42B
AegisLab	Trojan.Multi.Generic.4!c
ZoneAlarm	Trojan.Win32.Neurevt.afnv
Microsoft	Trojan:Win32/Ymacco.AAD3
Cynet	Malicious (score: 85)
VBA32	BScope.TrojanPSW.Racealer
ALYac	Trojan.GenericKD.43570219
Malwarebytes	Backdoor.BetaBot
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_FSYSNA.SMA
SentinelOne	DFI – Suspicious PE
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.6b1