Backdoor

Backdoor.Tordev information

Malware Removal

Backdoor.Tordev is flagged as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows you to run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Backdoor.Tordev virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys

How to identify Backdoor.Tordev?

File Info:

crc32: 7E26FD14
md5: b8f4c8bf2bcb6226ef766feab25f25c0
name: dcr.exe
sha1: 1906dad154e2581e1e86b5a21fb50de40f768157
sha256: e72ec0bc2cd05e14d85af6c7a696cf8c0a495fb4b23918bc68e7c8b37b03f075
sha512: 8d412668c00819f60b1efa3b5e004407621203318a3af685a52741d77c1dc6c68b0dd1c2dd28d5f32727030ef0ab9cdfec48cb4b7213a44374206a32a0176059
ssdeep: 6144:PjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMnyoS:LFy9bPQZlFjrG0ZmYbwzoS
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 1999
InternalName: MSRSAAPP
FileVersion: 1, 0, 0, 1
CompanyName: Microsoft Corp.
Comments: Remote Service Application
ProductName: Remote Service Application
ProductVersion: 4, 0, 0, 0
FileDescription: Remote Service Application
OriginalFilename: MSRSAAP.EXE
Translation: 0x0409 0x04b0

Backdoor.Tordev also known as:

Bkav: W32.DarnirisH.Trojan
MicroWorld-eScan: Trojan.Inject.AUZ
FireEye: Generic.mg.b8f4c8bf2bcb6226
CAT-QuickHeal: Backdoor.Fynloski.A9
ALYac: Trojan.Inject.AUZ
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!SB.0
K7AntiVirus: Trojan ( 7000000f1 )
BitDefender: Trojan.Inject.AUZ
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.f2bcb6
Invincea: heuristic
BitDefenderTheta: AI:Packer.891BE84E1C
F-Prot: W32/Fynloski.I.gen!Eldorado
Symantec: Backdoor.Breut!gm
TotalDefense: Win32/Fynloski.A!generic
Baidu: Win32.Backdoor.Agent.l
TrendMicro-HouseCall: BKDR_FYNLOS.SMM
Paloalto: generic.ml
ClamAV: Win.Trojan.DarkKomet-1
GData: Trojan.Inject.AUZ
Kaspersky: Backdoor.Win32.DarkKomet.aagt
Alibaba: Backdoor:Win32/DarkKomet.7b967a63
NANO-Antivirus: Trojan.Win32.DarkKomet.dtlfre
ViRobot: Backdoor.Win32.DarkKomet.238080
Rising: Backdoor.Pontoeb!1.6637 (CLASSIC)
Ad-Aware: Trojan.Inject.AUZ
Sophos: Troj/Backdr-ID
Comodo: TrojWare.Win32.Fynloski.B@57zt85
F-Secure: Backdoor.BDS/Backdoor.Gen
DrWeb: BackDoor.Tordev.8
Zillya: Backdoor.DarkKomet.Win32.14560
TrendMicro: BKDR_FYNLOS.SMM
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dc
SentinelOne: DFI – Malicious PE
Trapmine: malicious.high.ml.score
CMC: Backdoor.Win32.DarkKomet!O
Emsisoft: Trojan.Inject.AUZ (B)
APEX: Malicious
Cyren: W32/Fynloski.I.gen!Eldorado
Jiangmin: TrojanDropper.Autoit.aqa
Webroot: W32.Trojan.Gen
Avira: BDS/Backdoor.Gen
Endgame: malicious (moderate confidence)
Arcabit: Trojan.Inject.AUZ
SUPERAntiSpyware: Trojan.Agent/Gen-Fynloski
ZoneAlarm: Backdoor.Win32.DarkKomet.aagt
Microsoft: VirTool:Win32/CeeInject.AJJ!bit
TACHYON: Backdoor/W32.DP-DarkKomet.674304
AhnLab-V3: Win-Trojan/FCN.140610
Acronis: suspicious
McAfee: Generic.gj
MAX: malware (ai score=88)
VBA32: Backdoor.Tordev
Malwarebytes: Backdoor.Packed.DK
Panda: Trj/Packed.B
Zoner: Trojan.Win32.33772
ESET-NOD32: a variant of Win32/Fynloski.AN
Tencent: Backdoor.Win32.Darkkomet.a
Yandex: Trojan.Comet.Gen.LO
Ikarus: Backdoor.Win32.Fynloski
Fortinet: W32/Generic.AC.55A6!tr
AVG: FileRepMalware
Avast: Win32:Evo-gen [Susp]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Backdoor.DarkKomet.A

How to remove Backdoor.Tordev?

Backdoor.Tordev removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.