Categories: Backdoor

Backdoor.MSIL.NanoBot.aywc removal instruction

The Backdoor.MSIL.NanoBot.aywc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.NanoBot.aywc virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to remove evidence of file being downloaded from the Internet
Exhibits behavior characteristic of Nanocore RAT
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

zigf.ddns.net

How to determine Backdoor.MSIL.NanoBot.aywc?


File Info:
crc32: C8F0B35Cmd5: 60bcc45f086ddb00e5989ce2ee0aa117name: svhost.exesha1: 546bca6858caca6406ef93e5b1c1741a337547d1sha256: 8d9d0a5f190bb82dfe0005203c7f75acef0fd8047b80ce1b779e10fad0ac5931sha512: 6158b1c8cd7715ed6e8eb0db8eb0d86f84742ccba2f57dfed8dde5ab02294a8cb2087170edfd75e62e21d927a420a407c6164fe6b6fe6b12f46f93ed4f7fb332ssdeep: 24576:oCdxte/80jYLT3U1jfsWaizmZPL+HX/yUtsrf0PLhYCnVZeZuLzfQ:hw80cTsjkWaFUt7tpfeZe0type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0809 0x04b0

Backdoor.MSIL.NanoBot.aywc also known as:

FireEye	Generic.mg.60bcc45f086ddb00
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
TrendMicro	TROJ_GEN.R002C0TLD19
F-Prot	W32/AutoIt.IJ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Autoit-7455045-0
GData	MSIL.Backdoor.Nancat.C7LHEF
Kaspersky	Backdoor.MSIL.NanoBot.aywc
Alibaba	Trojan:Win32/Predator.3a9de316
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Autoit.wqssa
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Cyren	W32/AutoIt.IJ.gen!Eldorado
Avira	TR/Autoit.wqssa
Endgame	malicious (high confidence)
ZoneAlarm	Backdoor.MSIL.NanoBot.aywc
Microsoft	Trojan:Win32/Predator.BC!MTB
AhnLab-V3	Win-Trojan/Autoinj05.Exp
McAfee	Artemis!60BCC45F086D
Malwarebytes	Trojan.MalPack.AutoIt
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Injector.Autoit.ESG
TrendMicro-HouseCall	TROJ_GEN.R002C0TLD19
Ikarus	Trojan.Autoit
Fortinet	AutoIt/Injector.ECS!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
Qihoo-360	HEUR/QVM10.2.DE0D.Malware.Gen