What is “Backdoor.Win32.Androm.qaxl”?

The Backdoor.Win32.Androm.qaxl is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Androm.qaxl virus can do?

Unconventionial language used in binary resources: Chinese (Traditional)
Anomalous binary characteristics

How to determine Backdoor.Win32.Androm.qaxl?


File Info:
crc32: BE196F90
md5: a75b76fea4174c83a61cd9e970f49522
name: A75B76FEA4174C83A61CD9E970F49522.mlw
sha1: 2ae604d28f5620648b9fa89edd88c07c71642d25
sha256: 42b2f84e503000a98a9aa9f476d104389bdd766b74c3899b34a01b73138ea56d
sha512: 6fa1a1b1c9aca6a402affce7ff6ba501aa77cb8328439328182fd5dbdbf2e3f884ac24fb88f20c1fa09987131df5922490e97518278794d5b001309d139439f1
ssdeep: 3072:V6zwAVquGQVY5GCOC6QJ/oIbmARSKYQViQ1BEv0IClqEKivFbN94Sd8evpi1Tzy:Vk74JA1ARWdQS0IClqu4Ql0Y6Bv/
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0404 0x04b0
LegalCopyright: Trest_1
InternalName: Promontory
FileVersion: 1.00
CompanyName: Nicrosoft
LegalTrademarks: Trest_1
Comments: Trest_1
ProductName: Trest_1
ProductVersion: 1.00
FileDescription: Trest_1
OriginalFilename: Promontory.exe

Backdoor.Win32.Androm.qaxl also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Password-Stealer ( 004d88671 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.23680
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.PonyStealer.vm0@dqrOWQab
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Fareit.20919896
K7GW	Password-Stealer ( 004d88671 )
Cybereason	malicious.ea4174
Cyren	W32/Zbot.YX.gen!Eldorado
Symantec	Infostealer.Lokibot
ESET-NOD32	Win32/PSW.Fareit.L
Zoner	Trojan.Win32.68800
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Gamarue-9850559-0
Kaspersky	Backdoor.Win32.Androm.qaxl
BitDefender	Gen:Heur.PonyStealer.vm0@dqrOWQab
NANO-Antivirus	Trojan.Win32.Androm.feivzp
ViRobot	Trojan.Win32.Z.Androm.348160.Q
MicroWorld-eScan	Gen:Heur.PonyStealer.vm0@dqrOWQab
Tencent	Malware.Win32.Gencirc.114d2f4e
Ad-Aware	Gen:Heur.PonyStealer.vm0@dqrOWQab
Comodo	TrojWare.Script.UMal.kybrk@0
BitDefenderTheta	Gen:NN.ZevbaF.34670.vm0@aqrOWQab
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TrojanSpy.Win32.LOKI.SM.hp
McAfee-GW-Edition	BehavesLike.Win32.Fareit.fh
FireEye	Generic.mg.a75b76fea4174c83
Emsisoft	Gen:Heur.PonyStealer.vm0@dqrOWQab (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor.Androm.zyu
Avira	TR/PSW.Fareit.hzasw
eGambit	Unsafe.AI_Score_99%
Kingsoft	Win32.Hack.Androm.qa.(kcloud)
Microsoft	Trojan:Win32/Ymacco.AA42
Arcabit	Trojan.PonyStealer.E95AA5
AegisLab	Trojan.Win32.Androm.m!c
GData	Gen:Heur.PonyStealer.vm0@dqrOWQab
AhnLab-V3	Win-Trojan/VBKrypt.RP03.X1850
McAfee	Fareit-FMI!A75B76FEA417
MAX	malware (ai score=86)
VBA32	Backdoor.Androm
Malwarebytes	Spyware.PasswordStealer
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SM.hp
Rising	Trojan.Win32.Agent_.lz (CLOUD)
Yandex	Trojan.GenAsa!ucvKtqRF6s0
Ikarus	Trojan.Win32.Inject
Fortinet	W32/Injector.EBMW!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Androm.HwMAVzcA

How to remove Backdoor.Win32.Androm.qaxl?

Backdoor.Win32.Androm.qaxl removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X