Backdoor

Backdoor.Httpbot removal guide

Malware Removal

The Backdoor.Httpbot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Httpbot virus can do?

  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor.Httpbot?



File Info:

name: 855B270FBA75802A52D8.mlw
path: /opt/CAPEv2/storage/binaries/829e3a18d8ca54631da9ff1fc5955bd2e8db93d4b0a2ed5dc21c91c7b878c322
crc32: 8DDE3B5F
md5: 855b270fba75802a52d86548be8b6058
sha1: 412a8a408ae01aabcae635d34cdad92cf597ae33
sha256: 829e3a18d8ca54631da9ff1fc5955bd2e8db93d4b0a2ed5dc21c91c7b878c322
sha512: 4a0d5efc9f524e9ff3b7bf08b63a63d221e03fb39fe8cd57815da5e627b522ce775905c2c3feb6bcc514d10fb7e36440b1af331b901b29be13e9548b609e8c8f
ssdeep: 3072:/4foCtrOxYGKZQ0KwTnbJILTY7yFMN6ZSJhxvhJ0K9apNaGfe5ioENcEL3c27Nyx:6oCtgYGKZtTbO60wQSJjhVa3fe5ioENj
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T18F041238813C6897E1AA83717F5F65670A9DB442B6441C680F72677B3C1128FAFF129B
sha3_384: cd53a4a3898aa4d11d01f1c167670ff531165d188071645175da8860ee193840c5e59dbeab7afc4089497fc0394e355d
ep_bytes: 807c2408010f85e70b000060be00c008
timestamp: 2006-12-25 14:55:00


Version Info:

Comments: 
CompanyName: http://www.UIPower.com
FileDescription: Skin++ GUI Toolkit
FileVersion: 3, 0, 0, 0
InternalName: Skin++
LegalCopyright: 版权所有(C) 2004-2006 上海勇进软件有限公司
LegalTrademarks: 
OriginalFilename: SkinPlusPlus.DLL
PrivateBuild: 
ProductName: SkinPlusPlus Dynamic Link Library
ProductVersion: 3, 0, 0, 0
SpecialBuild: 20061026
Translation: 0x0804 0x04b0

Backdoor.Httpbot also known as:

BkavW32.Common.CC37806C
LionicTrojan.Win32.Generic.4!c
SkyhighBehavesLike.Win32.Generic.cc
McAfeeArtemis!855B270FBA75
ZillyaBackdoor.Httpbot.Win32.674
VirITBackdoor.Win32.Generic.BSUN
TrendMicro-HouseCallTROJ_GEN.R002H0CAO24
KasperskyUDS:DangerousObject.Multi.Generic
NANO-AntivirusTrojan.Win32.Agent.dinfho
AvastWin32:Malware-gen
GoogleDetected
Antiy-AVLTrojan/Win32.Wacatac
KingsoftWin32.Troj.Unknown.a
XcitiumMalware@#1jpf3i5rxor5o
MicrosoftProgram:Win32/Wacapew.C!ml
ZoneAlarmUDS:DangerousObject.Multi.Generic
CynetMalicious (score: 100)
VBA32Backdoor.Httpbot
Cylanceunsafe
RisingTrojan.Win32.Generic.15273176 (C64:YzY0OpJZM0JfitLD)
YandexTrojan.GenAsa!9ZI1t8AvlUg
IkarusWin32.Malware
MaxSecureTrojan.Malware.2345164.susgen
AVGWin32:Malware-gen
DeepInstinctMALICIOUS

How to remove Backdoor.Httpbot?

Backdoor.Httpbot removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment