Backdoor.Generic.792814 malicious file

Backdoor.Generic.792814 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Generic.792814 virus do?

  • Attempts to connect to a dead IP:Port (36 unique times)
  • Starts servers listening on 0.0.0.0:41826
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Looks up the external IP address
  • Creates an autorun.inf file
  • Sniffs keystrokes
  • Attempts to stop active services
  • A process attempted to delay the analysis task for a long time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior
  • Generates some ICMP traffic

Related domains:


How to identify Backdoor.Generic.792814?
File Info:

crc32: 86C70E9F
md5: 1a9de018bb9b4d6a3eba0fe967608172
name: 1A9DE018BB9B4D6A3EBA0FE967608172.mlw
sha1: 1898c6eec469fe552f1be5ca63cb4417c12b3cb0
sha256: 3ad971d2c93140165c588098ad98f520ae6dff21ad3576eccc9056ba783d38b1
sha512: 641ce1454e67928d41996e324c2db6af2490fa39209d8cd2571342184b30fac82bd4a64745c3a4f6789f0f327357c8c7c18ff2d94c8cc45c728790228dfa8b7b
ssdeep: 12288:ApUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqs/rlu:ApUNr6YkVRFkgbeqeo68FhqyrM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Generic.792814 also known as:

Bkav: W32.ZeaorwsgjokXB.Trojan
K7AntiVirus: Backdoor ( 002ddfdb1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.KillAV.47
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.KillAv.DR
ALYac: Backdoor.Generic.792814
Cylance: Unsafe
Zillya: Trojan.AntiAV.Win32.2243
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:Win32/Zepfod.0f73fc93
K7GW: Backdoor ( 002ddfdb1 )
Cybereason: malicious.8bb9b4
TrendMicro: BKDR_KILLAV.SM
Baidu: Win32.Backdoor.Agent.q
Cyren: W32/Backdoor.CLWD-5549
Symantec: Backdoor.Trojan
ESET-NOD32: Win32/AutoRun.Agent.UD
Zoner: Trojan.Win32.54103
APEX: Malicious
Avast: Win32:GenMalicious-BJV [Trj]
ClamAV: Win.Trojan.Zepfod-6747518-0
Kaspersky: Backdoor.Win32.Zepfod.yy
BitDefender: Backdoor.Generic.792814
NANO-Antivirus: Trojan.Win32.Zepfod.bdqfn
ViRobot: Trojan.Win32.AntiAV.577536
SUPERAntiSpyware: Trojan.Agent/Gen-AntiAV
MicroWorld-eScan: Backdoor.Generic.792814
Tencent: Backdoor.Win32.Zepfod.aaa
Ad-Aware: Backdoor.Generic.792814
Sophos: Troj/Bckdr-RAJ
Comodo: TrojWare.Win32.Scar.GF@1s6ub7
F-Secure: Trojan.TR/Zugy.iks.1
BitDefenderTheta: AI:Packer.0F84B57A1F
VIPRE: Worm.Win32.Pykspa (v)
Invincea: ML/PE-A + Troj/Bckdr-RAJ
McAfee-GW-Edition: BehavesLike.Win32.Sality.fh
FireEye: Generic.mg.1a9de018bb9b4d6a
Emsisoft: Backdoor.Generic.792814 (B)
SentinelOne: DFI – Malicious PE
Jiangmin: Backdoor/Zepfod.e
Webroot: W32.Sality.Gen
Avira: TR/Zugy.iks.1
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan[Backdoor]/Win32.Zepfod
Microsoft: Trojan:Win32/Killav.DR
Arcabit: Backdoor.Generic.DC18EE
AegisLab: Trojan.Win32.Zepfod.lAtB
ZoneAlarm: Backdoor.Win32.Zepfod.yy
GData: Backdoor.Generic.792814
AhnLab-V3: Win-Trojan/Killav.577536.G
Acronis: suspicious
McAfee: BackDoor-EJG
MAX: malware (ai score=100)
Malwarebytes: Trojan.KillAV
Panda: W32/SpySkype.E
TrendMicro-HouseCall: BKDR_KILLAV.SM
Rising: HackTool.Obfuscator!1.65F9 (CLASSIC)
Yandex: Backdoor.Zepfod!WVKWmMMJuzs
Ikarus: Trojan.Win32.KillAV
MaxSecure: Backdoor.Zepfod.yy
Fortinet: W32/Generic.AC.5027!tr
AVG: Win32:GenMalicious-BJV [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.e18

How to remove Backdoor.Generic.792814?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
