Backdoor.DCRat removal instruction

The Backdoor.DCRat is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.DCRat virus can do?

Creates RWX memory
Detected script timer window indicative of sleep style evasion
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
A scripting utility was executed
Uses Windows utilities for basic functionality
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Attempts to interact with an Alternate Data Stream (ADS)
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.DCRat?


File Info:
crc32: DAFD4CF8
md5: df64af933dfaf7aa30570cc9239f9168
name: c9675be9896d63f4d3020729f4f2bddd854a7000.exe
sha1: 70f44dc2e7b918dea69ee962d01ce9b0da0b25b5
sha256: 98b13d8d760055f2471072c97e60ee6cc9cf8b3daab2765cbe29a64894b5a0b5
sha512: dc3a373544054bf7a24e4c6142446e4209595021aa650e7f0af4847b4b4b3e5c47c841a2a294e8db90a24ee799a1cefda1658e7b51e8294d5cbd58461561e344
ssdeep: 49152:2+XvFDhff7eSR6FKnp2AThMm30yLWdOnB1N1lj2sTiHeQAvN:jBtgnATl3zLWcnRj2s+AN
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
0: [No Data]

Backdoor.DCRat also known as:

MicroWorld-eScan	Trojan.GenericKD.32993287
FireEye	Generic.mg.df64af933dfaf7aa
CAT-QuickHeal	Trojan.Wacatac
McAfee	GenericRXJO-BH!DF64AF933DFA
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Generic.lXNp
Sangfor	Malware
K7AntiVirus	Trojan ( 0054f7ba1 )
BitDefender	Trojan.GenericKD.32993287
K7GW	Trojan ( 0054f7ba1 )
Cybereason	malicious.33dfaf
TrendMicro	TROJ_GEN.R002C0WAS20
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Rasftuby-7369445-0
GData	Trojan.GenericKD.32993287
Kaspersky	Trojan.Win32.Vasal.akk
Alibaba	Trojan:Win32/Vasal.0e6058f0
Tencent	Win32.Trojan.Vasal.Wugy
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.32993287 (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Heuristic.HEUR/AGEN.1041002
DrWeb	Trojan.PWS.Stealer.27916
Zillya	Trojan.Vasal.Win32.23
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.PUPXDE.vc
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Rasftuby
Cyren	W32/Trojan.OANE-8344
Avira	HEUR/AGEN.1041002
MAX	malware (ai score=81)
Arcabit	Trojan.Generic.D1F77007
ZoneAlarm	Trojan.Win32.Vasal.akk
Microsoft	Trojan:Win32/Occamy.C
AhnLab-V3	Dropper/Win32.RL_Agent.R266317
Acronis	suspicious
VBA32	Trojan.Vasal
ALYac	Trojan.GenericKD.32993287
Ad-Aware	Trojan.GenericKD.32993287
Malwarebytes	Backdoor.DCRat
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Packed.Enigma.CC
TrendMicro-HouseCall	TROJ_GEN.R002C0WAS20
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Enigma.CC!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (W)
Qihoo-360	Generic/HEUR/QVM11.1.D58F.Malware.Gen

How to remove Backdoor.DCRat?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor.DCRat removal instruction