Categories: Backdoor

How to remove “Backdoor.MSIL.NanoBot.bedb”?

The Backdoor.MSIL.NanoBot.bedb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.NanoBot.bedb virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to remove evidence of file being downloaded from the Internet
Tries to unhook or modify Windows functions monitored by Cuckoo
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Nanocore RAT
Creates a copy of itself
Attempts to interact with an Alternate Data Stream (ADS)
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

ghkiwuydmklopjdbcyuavxbnmsheyrhdgcvbzgyu.ydns.eu

How to determine Backdoor.MSIL.NanoBot.bedb?


File Info:
crc32: E7EBD566md5: c9eb4c3a67621a605fb683f20ddf7ae9name: C9EB4C3A67621A605FB683F20DDF7AE9.mlwsha1: 7c8bb0d0f4949648bb93db1f36794590622f1514sha256: 3c26f5ced9edb74f0d3eb432416db23fcf1f975a02347dc0c77465c01aec01f0sha512: 746a950be11edf150bf04633a6eeec0722824cb9a24ec174e0142a22bd7ec4c26710371d793f3ddf0dbf32ecec1650b585941b78c449ebc014406ef7dda43ffbssdeep: 12288:zdsIRsQ/ffkCbgM+M/XA1ecR+wUzk4hE8uXk0YJys4C3z861RIUjxE+n:z2YfcC/RcRkva8uUNj9j93type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Co567909p.InternalName: FileVersion: 0CompanyName: B6-0byutfe C.LegalTrademarks: Comments: ProductName: ProductVersion: 61534fgd4s0FileDescription: OriginalFilename: Translation: 0x0409 0x04e4

Backdoor.MSIL.NanoBot.bedb also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Gen:Variant.Zusy.338804
CAT-QuickHeal	Trojan.DriveHide.VN8
ALYac	Gen:Variant.Zusy.338804
Sangfor	Malware
K7AntiVirus	Trojan ( 004bec131 )
BitDefender	Gen:Variant.Zusy.338804
K7GW	Trojan ( 004bec131 )
Cybereason	malicious.0f4949
Cyren	W32/Injector.ACH.gen!Eldorado
Symantec	Trojan.Gen.2
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Malware.Generic-9784689-0
Kaspersky	Backdoor.MSIL.NanoBot.bedb
Ad-Aware	Gen:Variant.Zusy.338804
Emsisoft	Gen:Variant.Zusy.338804 (B)
DrWeb	BackDoor.SpyBotNET.25
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Fareit.ch
FireEye	Generic.mg.c9eb4c3a67621a60
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Avira	TR/NanoCoreClient.hljps
MAX	malware (ai score=82)
Microsoft	PWS:Win32/Fareit!ml
Arcabit	Trojan.Zusy.D52B74
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Zusy.338804
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Fareit.C4215420
McAfee	Fareit-FZN!C9EB4C3A6762
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.MalPack.DLF
ESET-NOD32	MSIL/NanoCore.E
Rising	Trojan.Injector!1.CEB9 (CLASSIC)
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZelphiF.34634.3G0@aGEOHTgi
AVG	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_60% (D)
Qihoo-360	HEUR/QVM20.1.4AFB.Malware.Gen