Categories: Backdoor

Backdoor.Win32.Androm.osbo removal guide

The Backdoor.Win32.Androm.osbo is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.osbo virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Deletes its original binary from disk
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Spoofs its process name and/or associated pathname to appear as a legitimate process
Creates a hidden or system file
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

decscotia.com

How to determine Backdoor.Win32.Androm.osbo?


File Info:
crc32: B677A942md5: b14dd9ffe48bf9cde9f1c6d910503d0dname: B14DD9FFE48BF9CDE9F1C6D910503D0D.mlwsha1: 775a9c770ac19fd694ab6c5c4bfbb82fb096538esha256: ddcbfbdc3d842976bb91d436567333598429ec10d72fa1a445ce1eea887ca894sha512: d77e7d07b2c7bf305f6b4428d732890dcd6e71dddf4c4a552b4a3f239856ab721231a1be075f93b89c0d047986998bc85af98286697622bea63ca865e738a453ssdeep: 3072:glvb8Og6H4bGMTx/gPiqzEOqrabIX7Bam:i6zx/2nqrabQBtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0407 0x04b0InternalName: Grabbers2FileVersion: 1.03.0002CompanyName: Fiba fa FeRJaBaxLegalTrademarks: fA_BetexProductName: fab Lax Hax KaR foratioxProductVersion: 1.03.0002FileDescription: HTtp://www.BBA.xxOriginalFilename: Grabbers2.exe

Backdoor.Win32.Androm.osbo also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.Am0@cuFSLuq
FireEye	Generic.mg.b14dd9ffe48bf9cd
McAfee	Packed-WM!B14DD9FFE48B
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Gen:Heur.PonyStealer.Am0@cuFSLuq
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.fe48bf
BitDefenderTheta	Gen:NN.ZevbaF.34804.Am0@auFSLuq
Cyren	W32/VBInject.NI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Backdoor.Win32.Androm.osbo
Alibaba	Backdoor:Win32/Androm.8d46dfda
NANO-Antivirus	Trojan.Win32.Androm.evydsd
Rising	Malware.Undefined!8.C (CLOUD)
Ad-Aware	Gen:Heur.PonyStealer.Am0@cuFSLuq
Emsisoft	Gen:Heur.PonyStealer.Am0@cuFSLuq (B)
Comodo	Malware@#2jvqjbljmjo2m
F-Secure	Heuristic.HEUR/AGEN.1112811
TrendMicro	TrojanSpy.Win32.LOKI.SM.hp
McAfee-GW-Edition	Packed-WM!B14DD9FFE48B
Sophos	ML/PE-A + Mal/FareitVB-M
Ikarus	Trojan.Win32.Injector
Avira	HEUR/AGEN.1112811
Antiy-AVL	Trojan/Win32.TSGeneric
Microsoft	VirTool:Win32/VBInject.PB!bit
Arcabit	Trojan.PonyStealer.ED14E98
ZoneAlarm	Backdoor.Win32.Androm.osbo
GData	Gen:Heur.PonyStealer.Am0@cuFSLuq
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VBKrypt.R215556
Acronis	suspicious
ALYac	Gen:Heur.PonyStealer.Am0@cuFSLuq
MAX	malware (ai score=96)
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Injector.DUKW
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SM.hp
Tencent	Win32.Backdoor.Androm.Pcin
Yandex	Backdoor.Androm!lgKQHHX0Rmo
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/VBKryptik.DZLN!tr
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)