Categories: Backdoor

Backdoor.Httpbot removal guide

The Backdoor.Httpbot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Httpbot virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor.Httpbot?


File Info:
name: 855B270FBA75802A52D8.mlwpath: /opt/CAPEv2/storage/binaries/829e3a18d8ca54631da9ff1fc5955bd2e8db93d4b0a2ed5dc21c91c7b878c322crc32: 8DDE3B5Fmd5: 855b270fba75802a52d86548be8b6058sha1: 412a8a408ae01aabcae635d34cdad92cf597ae33sha256: 829e3a18d8ca54631da9ff1fc5955bd2e8db93d4b0a2ed5dc21c91c7b878c322sha512: 4a0d5efc9f524e9ff3b7bf08b63a63d221e03fb39fe8cd57815da5e627b522ce775905c2c3feb6bcc514d10fb7e36440b1af331b901b29be13e9548b609e8c8fssdeep: 3072:/4foCtrOxYGKZQ0KwTnbJILTY7yFMN6ZSJhxvhJ0K9apNaGfe5ioENcEL3c27Nyx:6oCtgYGKZtTbO60wQSJjhVa3fe5ioENjtype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windowstlsh: T18F041238813C6897E1AA83717F5F65670A9DB442B6441C680F72677B3C1128FAFF129Bsha3_384: cd53a4a3898aa4d11d01f1c167670ff531165d188071645175da8860ee193840c5e59dbeab7afc4089497fc0394e355dep_bytes: 807c2408010f85e70b000060be00c008timestamp: 2006-12-25 14:55:00
Version Info:
Comments: CompanyName: http://www.UIPower.comFileDescription: Skin++ GUI ToolkitFileVersion: 3, 0, 0, 0InternalName: Skin++LegalCopyright: 版权所有(C) 2004-2006 上海勇进软件有限公司LegalTrademarks: OriginalFilename: SkinPlusPlus.DLLPrivateBuild: ProductName: SkinPlusPlus Dynamic Link LibraryProductVersion: 3, 0, 0, 0SpecialBuild: 20061026Translation: 0x0804 0x04b0

Backdoor.Httpbot also known as:

Bkav	W32.Common.CC37806C
Lionic	Trojan.Win32.Generic.4!c
Skyhigh	BehavesLike.Win32.Generic.cc
McAfee	Artemis!855B270FBA75
Zillya	Backdoor.Httpbot.Win32.674
VirIT	Backdoor.Win32.Generic.BSUN
TrendMicro-HouseCall	TROJ_GEN.R002H0CAO24
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.Agent.dinfho
Avast	Win32:Malware-gen
Google	Detected
Antiy-AVL	Trojan/Win32.Wacatac
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#1jpf3i5rxor5o
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Cynet	Malicious (score: 100)
VBA32	Backdoor.Httpbot
Cylance	unsafe
Rising	Trojan.Win32.Generic.15273176 (C64:YzY0OpJZM0JfitLD)
Yandex	Trojan.GenAsa!9ZI1t8AvlUg
Ikarus	Win32.Malware
MaxSecure	Trojan.Malware.2345164.susgen
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS