Categories: Backdoor

Backdoor.Win32.Androm.uhll removal guide

The Backdoor.Win32.Androm.uhll is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Androm.uhll virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Backdoor.Win32.Androm.uhll?



File Info:

crc32: ABC6612Emd5: a291a5625f89575197603ea42e56fcd5name: A291A5625F89575197603EA42E56FCD5.mlwsha1: 6916c1e0bb33024a802c773d7a56a89aa2becde0sha256: 24d8911b1caddf1d3d2ada50dab96348d2dae8037aba3e841832c949160a8275sha512: a73a161e22501de44a6d42c7e0225870e41047cdd4fafbc0ed68a3132399675079ae2343bb6627e3a95e1ce313aba6baf221e82647b95885c58f0a2c1c757eeassdeep: 12288:GBMYAOdJ5+Ms8O0gwmSqHBtga2SRrDE59FYBj31NoPcmrRBccq:GBM0oMs8O3uqhRrDE5/YBjwr8ftype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Win32.Androm.uhll also known as:

Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
ClamAV Win.Malware.Eyqd-9789766-0
FireEye Generic.mg.a291a5625f895751
CAT-QuickHeal Trojan.DriveHide.VN8
Qihoo-360 HEUR/QVM20.1.4D5B.Malware.Gen
McAfee PWS-FCRZ!A291A5625F89
Sangfor Malware
K7AntiVirus Trojan ( 00572a101 )
K7GW Trojan ( 00572a101 )
Cybereason malicious.0bb330
BitDefenderTheta Gen:NN.ZelphiF.34634.XGW@ae@rwCgi
Cyren W32/Delf_Troj.U.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Androm.uhll
BitDefender Gen:Variant.Barys.62751
MicroWorld-eScan Gen:Variant.Barys.62751
Rising Trojan.Ymacco!8.11BE1 (TFE:2:bSRtW4lIhOQ)
Ad-Aware Gen:Variant.Barys.62751
Sophos Troj/Agent-AJFK
DrWeb BackDoor.SpyBotNET.25
Invincea ML/PE-A + Troj/Agent-AJFK
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Emsisoft Gen:Variant.Barys.62751 (B)
Ikarus Win32.Outbreak
Jiangmin Backdoor.Androm.aygo
Avira TR/Injector.qzrma
MAX malware (ai score=85)
Microsoft PWS:Win32/Fareit
Arcabit Trojan.Barys.DF51F
AhnLab-V3 Trojan/Win32.MalPack.C4222391
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Barys.62751
ESET-NOD32 a variant of Win32/Injector.ENVQ
ALYac Gen:Variant.Barys.62751
VBA32 BScope.Trojan.Fareit
Malwarebytes Trojan.MalPack.DLF
SentinelOne Static AI – Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Injector.ENVN!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
MaxSecure Trojan.Malware.109567477.susgen

How to remove Backdoor.Win32.Androm.uhll?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyzBackdoor.Win32.Androm.uhllz.whorecord.xyz
3 years ago

Recent Posts

What is “MSIL/TrojanDropper.Agent.BVT”?

The MSIL/TrojanDropper.Agent.BVT is considered dangerous by lots of security experts. When this infection is active,…

1 day ago

Should I remove “Generic.Dacic.94CCEEA9.A.A4A6DA47”?

The Generic.Dacic.94CCEEA9.A.A4A6DA47 is considered dangerous by lots of security experts. When this infection is active,…

1 day ago

Malware.AI.524217860 removal tips

The Malware.AI.524217860 is considered dangerous by lots of security experts. When this infection is active,…

1 day ago

Trojan:Win32/Koutodoor.F removal tips

The Trojan:Win32/Koutodoor.F is considered dangerous by lots of security experts. When this infection is active,…

1 day ago

How to remove “Malware.AI.1412460714”?

The Malware.AI.1412460714 is considered dangerous by lots of security experts. When this infection is active,…

1 day ago

Generic.Dacic.8952383F.A.5EC8C34B removal instruction

The Generic.Dacic.8952383F.A.5EC8C34B is considered dangerous by lots of security experts. When this infection is active,…

1 day ago