Backdoor.Win32.Androm.uhll removal guide

The Backdoor.Win32.Androm.uhll is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.uhll virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Spoofs its process name and/or associated pathname to appear as a legitimate process
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Androm.uhll?


File Info:
crc32: ABC6612E
md5: a291a5625f89575197603ea42e56fcd5
name: A291A5625F89575197603EA42E56FCD5.mlw
sha1: 6916c1e0bb33024a802c773d7a56a89aa2becde0
sha256: 24d8911b1caddf1d3d2ada50dab96348d2dae8037aba3e841832c949160a8275
sha512: a73a161e22501de44a6d42c7e0225870e41047cdd4fafbc0ed68a3132399675079ae2343bb6627e3a95e1ce313aba6baf221e82647b95885c58f0a2c1c757eea
ssdeep: 12288:GBMYAOdJ5+Ms8O0gwmSqHBtga2SRrDE59FYBj31NoPcmrRBccq:GBM0oMs8O3uqhRrDE5/YBjwr8f
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Backdoor.Win32.Androm.uhll also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
ClamAV	Win.Malware.Eyqd-9789766-0
FireEye	Generic.mg.a291a5625f895751
CAT-QuickHeal	Trojan.DriveHide.VN8
Qihoo-360	HEUR/QVM20.1.4D5B.Malware.Gen
McAfee	PWS-FCRZ!A291A5625F89
Sangfor	Malware
K7AntiVirus	Trojan ( 00572a101 )
K7GW	Trojan ( 00572a101 )
Cybereason	malicious.0bb330
BitDefenderTheta	Gen:NN.ZelphiF.34634.XGW@ae@rwCgi
Cyren	W32/Delf_Troj.U.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Androm.uhll
BitDefender	Gen:Variant.Barys.62751
MicroWorld-eScan	Gen:Variant.Barys.62751
Rising	Trojan.Ymacco!8.11BE1 (TFE:2:bSRtW4lIhOQ)
Ad-Aware	Gen:Variant.Barys.62751
Sophos	Troj/Agent-AJFK
DrWeb	BackDoor.SpyBotNET.25
Invincea	ML/PE-A + Troj/Agent-AJFK
McAfee-GW-Edition	BehavesLike.Win32.Fareit.bh
Emsisoft	Gen:Variant.Barys.62751 (B)
Ikarus	Win32.Outbreak
Jiangmin	Backdoor.Androm.aygo
Avira	TR/Injector.qzrma
MAX	malware (ai score=85)
Microsoft	PWS:Win32/Fareit
Arcabit	Trojan.Barys.DF51F
AhnLab-V3	Trojan/Win32.MalPack.C4222391
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Barys.62751
ESET-NOD32	a variant of Win32/Injector.ENVQ
ALYac	Gen:Variant.Barys.62751
VBA32	BScope.Trojan.Fareit
Malwarebytes	Trojan.MalPack.DLF
SentinelOne	Static AI – Suspicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Injector.ENVN!tr
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
MaxSecure	Trojan.Malware.109567477.susgen

How to remove Backdoor.Win32.Androm.uhll?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor.Win32.Androm.uhll removal guide