
Backdoor.Win32.Androm.day removal guide


Backdoor.Win32.Androm.day is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Androm.day virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to delete volume shadow copies
  • Installs itself for autorun at Windows startup
  • Attempts to modify browser security settings
  • Creates a copy of itself
  • Harvests information related to installed mail clients
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.Androm.day?

File Info:

crc32: 622A2B2E
md5: 4bb2392e02306b81fab787a9f45bec54
name: 4BB2392E02306B81FAB787A9F45BEC54.mlw
sha1: c03c5e107247ad5e84230459b624fdd2895c9dcb
sha256: 396ec39f4da29bf2169fde6e1a5d03cfcd808ee855e06d0f1e845e79ab6673df
sha512: 925a5fa6d8a85d67b70b5bde4a093b49f8cff1cd669ff76508fdc63c2aaf025d6bbdf7f77229d017a1b7efe710396e5142dd8773b7354f5c35b615f9a81f7d55
ssdeep: 12288:YZlR2/m72qKoqOckhU78F39herj81IYGpKo:AOm72qKoqOckhLQAo
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2011
InternalName: HD Tune Pro
FileVersion: 5, 0, 0, 0
CompanyName: EFD Software
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: HD Tune Pro
SpecialBuild:
ProductVersion: 5, 0, 0, 0
FileDescription: HD Tune Pro
OriginalFilename: HDTunePro.EXE
Translation: 0x0409 0x04b0

Backdoor.Win32.Androm.day is also known as (antivirus vendor: detection name):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004aa0281 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.761
Cynet: Malicious (score: 100)
CAT-QuickHeal: Worm.Gamarue.WR5
ALYac: Trojan.GenericKD.2028754
Cylance: Unsafe
Zillya: Trojan.Crypren.Win32.116
Sangfor: Backdoor.Win32.Androm.day
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Ransom:Win32/Teerac.a957dd76
K7GW: Trojan ( 004aa0281 )
Cybereason: malicious.e02306
Baidu: Win32.Trojan.Kryptik.mu
Cyren: W32/Trojan.AVGX-0827
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.TorrentLocker.A
Zoner: Trojan.Win32.30763
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Generickdz-7779688-0
Kaspersky: Backdoor.Win32.Androm.day
BitDefender: Trojan.GenericKD.2028754
NANO-Antivirus: Trojan.Win32.Crypren.efgvln
MicroWorld-eScan: Trojan.GenericKD.2028754
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Trojan.GenericKD.2028754
Sophos: Mal/Generic-R + Troj/Wonton-MF
Comodo: Malware@#34suy9cv1s3f6
BitDefenderTheta: Gen:NN.ZexaF.34670.Kq0@a4q3iGmi
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_FORUCON.BME
McAfee-GW-Edition: Generic.vi
FireEye: Generic.mg.4bb2392e02306b81
Emsisoft: Trojan.GenericKD.2028754 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Agent.hyao
Webroot: W32.Infostealer.Zeus
Avira: TR/Crypt.XPACK.116321
eGambit: Generic.Malware
Antiy-AVL: Trojan[Ransom]/Win32.Crypren
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Ransom:Win32/Teerac.A
Arcabit: Trojan.Generic.D1EF4D2
AegisLab: Trojan.Win32.Androm.m!c
GData: Win32.Trojan.Agent.XE4VDY
TACHYON: Backdoor/W32.Androm.603136
AhnLab-V3: Trojan/Win32.ZBot.R131772
McAfee: Generic.vi
MAX: malware (ai score=100)
VBA32: Backdoor.Androm
Malwarebytes: Trojan.Pseudo
Panda: Trj/WLT.B
TrendMicro-HouseCall: TROJ_FORUCON.BME
Rising: Backdoor.Win32.Androm.nd (CLOUD)
Yandex: Trojan.GenAsa!erU+3HBG8p8
Ikarus: Trojan-Ransom.Crypren
Fortinet: W32/Filecoder.DI!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.TorrentLocker.HwoCEpsA

How to remove Backdoor.Win32.Androm.day?

Backdoor.Win32.Androm.day removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
