Backdoor.MSIL.Remcos removal tips

Backdoor.MSIL.Remcos is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.MSIL.Remcos virus do?

  • Network activity detected but not expressed in API logs

How to identify Backdoor.MSIL.Remcos?


File Info:

crc32: 3FC9F9C7
md5: 08a4e1b5a0b3abb356ab3b003d2fba7f
name: paystub.exe
sha1: 28fe44058580c72ef0c0a1c84fda069e7d64586d
sha256: 0dfa68a83cdc9402d2b5baf420397e96ec0e0de0f36fd562a44f731302fa4874
sha512: dd6280a788bc7d8e30a36d358a65a6bc7061247d5ffeddb1961fef1cee1a2c20e126bd2f0c4a5ee2d1b6e7340cc65507c110f01f2f458bd2e2fedd5b21bca2c0
ssdeep: 12288:ebxxPcV7EKsMNIE15q47L/XuJR0jiTKUks1FVF:ebkVQKs0IE17L/XuJmmKUD
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: trip.exe
FileVersion: 2.3.3.4
CompanyName: ROMANIUC BUSINESS SOLUTIONS LTD
Comments: Smooth audio output and sound management
ProductName: Plugin for Audio Protocol and Output Whitlisting
ProductVersion: 2.3.3.4
FileDescription: Plugin for Audio Protocol and Output Whitlisting
OriginalFilename: trip.exe

Backdoor.MSIL.Remcos also known as:

MicroWorld-eScan: Trojan.GenericKD.32868796
FireEye: Generic.mg.08a4e1b5a0b3abb3
Qihoo-360: Win32/Backdoor.23a
ALYac: Trojan.Agent.Wacatac
Malwarebytes: Trojan.PCrypt.MSIL.Generic
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
BitDefender: Trojan.GenericKD.32868796
K7GW: Trojan ( 0055c1231 )
BitDefenderTheta: Gen:NN.ZemsilF.33558.0m0@aiuTyGc
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
GData: Trojan.GenericKD.32868796
Kaspersky: HEUR:Backdoor.MSIL.Remcos.gen
Alibaba: Trojan:Win32/Kryptik.ali2000016
AegisLab: Trojan.Multi.Generic.4!c
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Trojan.GenericKD.32868796
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/AD.Remcos.lfcai
DrWeb: BackDoor.Remcos.277
McAfee-GW-Edition: Trojan-FRAX!08A4E1B5A0B3
Emsisoft: Trojan.GenericKD.32868796 (B)
Ikarus: Trojan-Spy.HawkEye
Cyren: W32/Trojan.WKOC-3314
Webroot: W32.Trojan.Gen
Avira: TR/AD.Remcos.lfcai
Arcabit: Trojan.Generic.D1F589BC
ZoneAlarm: HEUR:Backdoor.MSIL.Remcos.gen
Microsoft: Trojan:Win32/Tiggre!plock
McAfee: Trojan-FRAX!08A4E1B5A0B3
Cylance: Unsafe
ESET-NOD32: a variant of MSIL/Injector.UQS
TrendMicro-HouseCall: TROJ_GEN.R002H06LN19
SentinelOne: DFI – Malicious PE
Fortinet: MSIL/UQS!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_80% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Backdoor.MSIL.Remcos?

Backdoor.MSIL.Remcos removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
