How to remove “Backdoor.MSIL.NanoBot.bedb”?

Backdoor.MSIL.NanoBot.bedb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.MSIL.NanoBot.bedb virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
ghkiwuydmklopjdbcyuavxbnmsheyrhdgcvbzgyu.ydns.eu

How to identify Backdoor.MSIL.NanoBot.bedb?

File Info:

crc32: E7EBD566
md5: c9eb4c3a67621a605fb683f20ddf7ae9
name: C9EB4C3A67621A605FB683F20DDF7AE9.mlw
sha1: 7c8bb0d0f4949648bb93db1f36794590622f1514
sha256: 3c26f5ced9edb74f0d3eb432416db23fcf1f975a02347dc0c77465c01aec01f0
sha512: 746a950be11edf150bf04633a6eeec0722824cb9a24ec174e0142a22bd7ec4c26710371d793f3ddf0dbf32ecec1650b585941b78c449ebc014406ef7dda43ffb
ssdeep: 12288:zdsIRsQ/ffkCbgM+M/XA1ecR+wUzk4hE8uXk0YJys4C3z861RIUjxE+n:z2YfcC/RcRkva8uUNj9j93
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Co567909p.
InternalName:
FileVersion: 0
CompanyName: B6-0byutfe C.
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 61534fgd4s0
FileDescription:
OriginalFilename:
Translation: 0x0409 0x04e4

Backdoor.MSIL.NanoBot.bedb also known as:

  • Bkav: W32.AIDetectVM.malware2
  • MicroWorld-eScan: Gen:Variant.Zusy.338804
  • CAT-QuickHeal: Trojan.DriveHide.VN8
  • ALYac: Gen:Variant.Zusy.338804
  • Sangfor: Malware
  • K7AntiVirus: Trojan ( 004bec131 )
  • BitDefender: Gen:Variant.Zusy.338804
  • K7GW: Trojan ( 004bec131 )
  • Cybereason: malicious.0f4949
  • Cyren: W32/Injector.ACH.gen!Eldorado
  • Symantec: Trojan.Gen.2
  • APEX: Malicious
  • Avast: Win32:PWSX-gen [Trj]
  • ClamAV: Win.Malware.Generic-9784689-0
  • Kaspersky: Backdoor.MSIL.NanoBot.bedb
  • Ad-Aware: Gen:Variant.Zusy.338804
  • Emsisoft: Gen:Variant.Zusy.338804 (B)
  • DrWeb: BackDoor.SpyBotNET.25
  • Invincea: Mal/Generic-S
  • McAfee-GW-Edition: BehavesLike.Win32.Fareit.ch
  • FireEye: Generic.mg.c9eb4c3a67621a60
  • Sophos: Mal/Generic-S
  • Ikarus: Win32.Outbreak
  • Avira: TR/NanoCoreClient.hljps
  • MAX: malware (ai score=82)
  • Microsoft: PWS:Win32/Fareit!ml
  • Arcabit: Trojan.Zusy.D52B74
  • ZoneAlarm: UDS:DangerousObject.Multi.Generic
  • GData: Gen:Variant.Zusy.338804
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Fareit.C4215420
  • McAfee: Fareit-FZN!C9EB4C3A6762
  • VBA32: TScope.Trojan.Delf
  • Malwarebytes: Trojan.MalPack.DLF
  • ESET-NOD32: MSIL/NanoCore.E
  • Rising: Trojan.Injector!1.CEB9 (CLASSIC)
  • MaxSecure: Trojan.Malware.300983.susgen
  • BitDefenderTheta: Gen:NN.ZelphiF.34634.3G0@aGEOHTgi
  • AVG: Win32:PWSX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_60% (D)
  • Qihoo-360: HEUR/QVM20.1.4AFB.Malware.Gen

How to remove Backdoor.MSIL.NanoBot.bedb?

Backdoor.MSIL.NanoBot.bedb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.