Categories: Backdoor

Backdoor.Fynloski.A9 malicious file

The Backdoor.Fynloski.A9 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Fynloski.A9 virus can do?

  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys

How to determine Backdoor.Fynloski.A9?



File Info:

crc32: 7E26FD14md5: b8f4c8bf2bcb6226ef766feab25f25c0name: dcr.exesha1: 1906dad154e2581e1e86b5a21fb50de40f768157sha256: e72ec0bc2cd05e14d85af6c7a696cf8c0a495fb4b23918bc68e7c8b37b03f075sha512: 8d412668c00819f60b1efa3b5e004407621203318a3af685a52741d77c1dc6c68b0dd1c2dd28d5f32727030ef0ab9cdfec48cb4b7213a44374206a32a0176059ssdeep: 6144:PjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMnyoS:LFy9bPQZlFjrG0ZmYbwzoStype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 1999InternalName: MSRSAAPPFileVersion: 1, 0, 0, 1CompanyName: Microsoft Corp.Comments: Remote Service ApplicationProductName: Remote Service ApplicationProductVersion: 4, 0, 0, 0FileDescription: Remote Service ApplicationOriginalFilename: MSRSAAP.EXETranslation: 0x0409 0x04b0

Backdoor.Fynloski.A9 also known as:

Bkav W32.DarnirisH.Trojan
MicroWorld-eScan Trojan.Inject.AUZ
FireEye Generic.mg.b8f4c8bf2bcb6226
CAT-QuickHeal Backdoor.Fynloski.A9
ALYac Trojan.Inject.AUZ
Cylance Unsafe
VIPRE Trojan.Win32.Generic!SB.0
K7AntiVirus Trojan ( 7000000f1 )
BitDefender Trojan.Inject.AUZ
K7GW Trojan ( 7000000f1 )
Cybereason malicious.f2bcb6
Invincea heuristic
BitDefenderTheta AI:Packer.891BE84E1C
F-Prot W32/Fynloski.I.gen!Eldorado
Symantec Backdoor.Breut!gm
TotalDefense Win32/Fynloski.A!generic
Baidu Win32.Backdoor.Agent.l
TrendMicro-HouseCall BKDR_FYNLOS.SMM
Paloalto generic.ml
ClamAV Win.Trojan.DarkKomet-1
GData Trojan.Inject.AUZ
Kaspersky Backdoor.Win32.DarkKomet.aagt
Alibaba Backdoor:Win32/DarkKomet.7b967a63
NANO-Antivirus Trojan.Win32.DarkKomet.dtlfre
ViRobot Backdoor.Win32.DarkKomet.238080
Rising Backdoor.Pontoeb!1.6637 (CLASSIC)
Ad-Aware Trojan.Inject.AUZ
Sophos Troj/Backdr-ID
Comodo TrojWare.Win32.Fynloski.B@57zt85
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb BackDoor.Tordev.8
Zillya Backdoor.DarkKomet.Win32.14560
TrendMicro BKDR_FYNLOS.SMM
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc
SentinelOne DFI – Malicious PE
Trapmine malicious.high.ml.score
CMC Backdoor.Win32.DarkKomet!O
Emsisoft Trojan.Inject.AUZ (B)
APEX Malicious
Cyren W32/Fynloski.I.gen!Eldorado
Jiangmin TrojanDropper.Autoit.aqa
Webroot W32.Trojan.Gen
Avira BDS/Backdoor.Gen
Endgame malicious (moderate confidence)
Arcabit Trojan.Inject.AUZ
SUPERAntiSpyware Trojan.Agent/Gen-Fynloski
ZoneAlarm Backdoor.Win32.DarkKomet.aagt
Microsoft VirTool:Win32/CeeInject.AJJ!bit
TACHYON Backdoor/W32.DP-DarkKomet.674304
AhnLab-V3 Win-Trojan/FCN.140610
Acronis suspicious
McAfee Generic.gj
MAX malware (ai score=88)
VBA32 Backdoor.Tordev
Malwarebytes Backdoor.Packed.DK
Panda Trj/Packed.B
Zoner Trojan.Win32.33772
ESET-NOD32 a variant of Win32/Fynloski.AN
Tencent Backdoor.Win32.Darkkomet.a
Yandex Trojan.Comet.Gen.LO
Ikarus Backdoor.Win32.Fynloski
Fortinet W32/Generic.AC.55A6!tr
AVG FileRepMalware
Avast Win32:Evo-gen [Susp]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.DarkKomet.A

How to remove Backdoor.Fynloski.A9?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Backdoor.Fynloski.A9MSRSAAPP
4 years ago

Recent Posts

How to remove “TrojanDownloader:Win32/Beebone.JS”?

The TrojanDownloader:Win32/Beebone.JS is considered dangerous by lots of security experts. When this infection is active,…

3 mins ago

Malware.AI.3495406708 removal tips

The Malware.AI.3495406708 is considered dangerous by lots of security experts. When this infection is active,…

13 mins ago

Malware.AI.4076777241 removal tips

The Malware.AI.4076777241 is considered dangerous by lots of security experts. When this infection is active,…

23 mins ago

About “Malware.AI.4109823579” infection

The Malware.AI.4109823579 is considered dangerous by lots of security experts. When this infection is active,…

48 mins ago

About “PUA:Win32/IminentToolbar” infection

The PUA:Win32/IminentToolbar is considered dangerous by lots of security experts. When this infection is active,…

58 mins ago

Malware.AI.1686126144 removal guide

The Malware.AI.1686126144 is considered dangerous by lots of security experts. When this infection is active,…

59 mins ago