Categories: Backdoor

How to remove “Backdoor.Generic.791885”?

The Backdoor.Generic.791885 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Generic.791885 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Tries to unhook or modify Windows functions monitored by Cuckoo
Attempts to modify proxy settings
Anomalous binary characteristics

How to determine Backdoor.Generic.791885?


File Info:
name: 51F5C875D9F1F926E3A8.mlwpath: /opt/CAPEv2/storage/binaries/6ec0d94c7e96aecea4a17226349302660b8195e675ca5ca1704b06452ab775f7crc32: F885AFDBmd5: 51f5c875d9f1f926e3a8358178d9e2b0sha1: e3c119f386a68fd283e82088df9309990fdd58c5sha256: 6ec0d94c7e96aecea4a17226349302660b8195e675ca5ca1704b06452ab775f7sha512: d666e1b51e8cc995926a675ad76c246946e64305f9401bcfd4814370d8daa037be952674aaa596cf1a870df9fae634def024fb56501c8db38dd339ac98646276ssdeep: 49152:EHW7Dv64NTZaqdwk0c05HGifB09+s8KuqGaX0ToIBAUZLYwvB0J:j3C4NYqdwkLcHHfB02JBAUZLDvB0Jtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11DC5E142F7828175E9274B30447B7F3A9523ED21AF389AD7B764FA591F332D0842E11Asha3_384: e97beb0e6b56930d2afea1eed17ffbc1049d5be8d8911e0aa99e68386ef9e06620f422d92e19910b62501db5e547e44bep_bytes: 558bec6aff68289e64006874e2460064timestamp: 2013-01-03 04:20:15
Version Info:
FileVersion: 1.0.0.0FileDescription: 鼠标键盘自动点击程序ProductName: 按键助手-自动点击鼠标键盘ProductVersion: 1.0.0.0CompanyName: 小壮LegalCopyright: 小壮 版权所有Comments: 鼠标键盘自动点击程序Translation: 0x0804 0x04b0

Backdoor.Generic.791885 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.51f5c875d9f1f926
CAT-QuickHeal	W32.Virut.G
McAfee	GenericRXAA-AA!51F5C875D9F1
Cylance	Unsafe
K7AntiVirus	Trojan ( 005246d51 )
Alibaba	Backdoor:Win32/Genome.6b4a7e17
K7GW	Adware ( 004b87ea1 )
CrowdStrike	win/malicious_confidence_70% (D)
BitDefenderTheta	AI:FileInfector.C2A5779617
VirIT	Backdoor.Win32.Generic.BGLM
Cyren	W32/FlyStudio.E.gen!Eldorado
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
ClamAV	Win.Trojan.Flystudio-9943951-0
BitDefender	Backdoor.Generic.791885
NANO-Antivirus	Trojan.Win32.Turkojan.cwgjdc
MicroWorld-eScan	Backdoor.Generic.791885
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.10bb3334
Ad-Aware	Backdoor.Generic.791885
Emsisoft	Backdoor.Generic.791885 (B)
Comodo	Worm.Win32.Dropper.RA@1qraug
DrWeb	Trojan.Advload.499
Zillya	Backdoor.Turkojan.Win32.20830
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Sophos	Generic ML PUA (PUA)
APEX	Malicious
GData	Win32.Trojan.PSE.1THOGOA
Jiangmin	Backdoor/Turkojan.flm
MAX	malware (ai score=86)
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
SentinelOne	Static AI – Malicious PE
AhnLab-V3	Trojan/Win32.Backdoor.R120099
ALYac	Backdoor.Generic.791885
VBA32	Backdoor.Turkojan
Malwarebytes	Trojan.MalPack.FlyStudio
Yandex	Backdoor.Turkojan!CWfAXpTJGsM
Ikarus	Trojan.Win32.Genome
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic.AC.56525!tr
AVG	Win32:Malware-gen
Cybereason	malicious.5d9f1f
Panda	Bck/Turkojan.J