Backdoor.Gbot removal instruction

The Backdoor.Gbot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Gbot virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor.Gbot?


File Info:
name: 1B371531F2297CE6F1BD.mlw
path: /opt/CAPEv2/storage/binaries/dc85b209c486987942852c82ebf9594a81bb23b1afced48675b090570f909e64
crc32: 430C7686
md5: 1b371531f2297ce6f1bd270872ee3ab4
sha1: e482478ab19776471d74b09275d4be81371dc3e6
sha256: dc85b209c486987942852c82ebf9594a81bb23b1afced48675b090570f909e64
sha512: bac112e896aaff7e345d8bb8c8f65eeb8f188c6e4fa088e4cbd9aea02be91b2f18a9eea5f4c1374873fc8e9d829ef5522d8afe1f2644c777c338a695efae2e43
ssdeep: 6144:WeYbbNWfAc/cQcpOYmge2OeYbbNWfAc/cQcpOYmge2OeYbbNWfAc/cQcpOYmge:QLklnrrLklnrrLklnr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A45E6206A9DBD02F83DB134C4FC8401B7B71DE45EB5914ABA9CCA5E1F69DD84CD828B
sha3_384: f55f2cb34c204487ab0edd35df1d4655a8da133f3d2af78f3e205f6f7cc5b4a7acd77cf82bba447ed864207ecbbb229f
ep_bytes: 64a100000000558bec6aff6828114000
timestamp: 1998-02-13 05:40:14

Version Info:
CompanyName: Microsoft Corporation
FileDescription: ASD
FileVersion: 4.10.1691
InternalName: ASD
LegalCopyright: Copyright (C) Microsoft Corp. 1998
OriginalFilename: ASD.EXE
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 4.10.1691
Translation: 0x0409 0x04e4

Backdoor.Gbot also known as:

tehtris	Generic.Malware
DrWeb	Trojan.Encoder.14453
FireEye	Generic.mg.1b371531f2297ce6
Cylance	Unsafe
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Symantec	Ransom.Wannacry
Elastic	malicious (high confidence)
APEX	Malicious
ClamAV	Win.Trojan.Agent-6943819-1
Kaspersky	Backdoor.Win32.Gbot.anwy
Avast	Win32:Agent-BCFZ [Trj]
Tencent	Malware.Win32.Gencirc.11bbd698
McAfee-GW-Edition	BehavesLike.Win32.Generic.tm
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan.Agent.PXU9MC
Google	Detected
Avira	HEUR/AGEN.1240783
Antiy-AVL	Trojan/Generic.ASCommon.234
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Agent.C5225972
McAfee	Artemis!1B371531F229
VBA32	Backdoor.Gbot
Malwarebytes	Sivis.Virus.FileInfector.DDS
Rising	Virus.Sivis!1.A647 (CLASSIC)
Ikarus	Win32.Sivis
MaxSecure	not-a-virus:Backdoor.Win32.Gbot.anwy
Fortinet	W32/Ausiv.A
AVG	Win32:Agent-BCFZ [Trj]
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Backdoor.Gbot?

Backdoor.Gbot removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X