Categories: Backdoor

Backdoor.Win32.Androm.tcxf removal guide

The Backdoor.Win32.Androm.tcxf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.tcxf virus can do?

Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (254 unique times)
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Likely virus infection of existing system binary
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Androm.tcxf?


File Info:
crc32: 831CEE53md5: 9ae6307c172e934a3edbcb71c9f36da2name: 9AE6307C172E934A3EDBCB71C9F36DA2.mlwsha1: e1b50042004aa0270c8ae3efcf8b4fc5fa0e3e80sha256: 1971c4246c3a50f607e449809d358f0d1281276461d39f2667563c9f377c7d5csha512: d7e12df24cafe8ecdd4c5180879db15079770ccfdcf4e0fe2992f4112f423f2f1b519f576e137a8e79ddbdbbb15eb28a559315a1869748980418238a45422c7dssdeep: 3072:LImtGuUQ/+p7fz7CYEonlkmvphSaRlAUZh4XbMOKkCH9h/XHA+Mf8DAw9FrqDm0:cmtZqlc52h48kCdh4SDAqeU1Yo2ykqtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) phyllopodium.exe 2019InternalName: 0,8,2,5FileVersion: 0.8.2.5CompanyName: nonbulbarProductName: swizzling.exeProductVersion: batterableFileDescription: geomanciesOriginalFilename: RIDTranslation: 0x0409 0x04b0

Backdoor.Win32.Androm.tcxf also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.28626
MicroWorld-eScan	Trojan.GenericKD.41557083
FireEye	Generic.mg.9ae6307c172e934a
McAfee	GenericRXII-BT!9AE6307C172E
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.9779
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00550b981 )
Alibaba	Backdoor:Win32/Androm.5434f1c0
K7GW	Trojan ( 00550b981 )
Cybereason	malicious.c172e9
Arcabit	Trojan.Generic.D27A1C5B
BitDefenderTheta	Gen:NN.ZexaF.34590.wu0@aGff!7pi
Cyren	W32/Kryptik.ADQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Filecoder.Phobos.C
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Backdoor.Win32.Androm.tcxf
BitDefender	Trojan.GenericKD.41557083
NANO-Antivirus	Trojan.Win32.Androm.fvnwmh
Paloalto	generic.ml
AegisLab	Trojan.Win32.Androm.m!c
Tencent	Malware.Win32.Gencirc.1169dfc9
Ad-Aware	Trojan.GenericKD.41557083
TACHYON	Ransom/W32.Phobos.366592
Emsisoft	Trojan.GenericKD.41557083 (B)
F-Secure	Trojan.TR/AD.PhobosRansom.knzgo
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.NANOBOT.SMY
McAfee-GW-Edition	GenericRXII-BT!9AE6307C172E
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Chapak.baq
eGambit	Unsafe.AI_Score_91%
Avira	TR/AD.PhobosRansom.knzgo
Antiy-AVL	Trojan[Backdoor]/Win32.Androm
Microsoft	Trojan:Win32/Occamy.C19
ZoneAlarm	Backdoor.Win32.Androm.tcxf
GData	Trojan.GenericKD.41557083
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.NanoBot.R295744
Acronis	suspicious
VBA32	BScope.Trojan.Meterpreter
ALYac	Trojan.Ransom.Phobos
MAX	malware (ai score=100)
Malwarebytes	Generic.Malware/Suspicious
Zoner	Trojan.Win32.82565
TrendMicro-HouseCall	Backdoor.Win32.NANOBOT.SMY
Rising	Backdoor.Androm!8.113 (TFE:5:VeO0V1eD7qG)
Yandex	Trojan.GenAsa!xnFlCMqJYrw
Fortinet	W32/Kryptik.GVIM!tr
AVG	Win32:Trojan-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Backdoor.210