Backdoor.Win32.Androm removal tips

Backdoor.Win32.Androm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Androm virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Network activity detected but not expressed in API logs
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Backdoor.Win32.Androm?

File Info:

crc32: B834A9AA
md5: 39b1cf04d7b67e26fe8c9683f7a553b3
name: bestboby.exe
sha1: 220956dd239313ded436c659808f42d288dc3c1c
sha256: 82fddda1eb85eea953e8310c9dfc118b3cab8186415542bc640b124d6794eaac
sha512: ecdaab4761980c4333aa1232f0ceabcfef5584167d772b33d3136f52dfbbd1fc8dfaa95c4db3871fd6ac537f33346a9606c0b474d9cdc5927ca1b51b4726b326
ssdeep: 24576:j0SNaxFp1iaZ1bgKwD9PmJhG0L2PN4A/plNsc9EVcFdj:iPXCNmH2FpWgFV
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Win32.Androm also known as:

MicroWorld-eScan: Trojan.GenericKD.42085670
ALYac: Trojan.GenericKD.42085670
Malwarebytes: Trojan.MalPack.DLF
AegisLab: Trojan.Multi.Generic.4!c
Sangfor: Malware
CrowdStrike: win/malicious_confidence_90% (W)
BitDefender: Trojan.GenericKD.42085670
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
TrendMicro: TrojanSpy.Win32.LOKI.SMAD1.hp
BitDefenderTheta: Gen:NN.ZelphiF.32519.nHW@aam7EDdi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
GData: Trojan.GenericKD.42085670
Kaspersky: HEUR:Backdoor.Win32.Androm.gen
Alibaba: Trojan:Win32/Fareit.fbacaa4f
ViRobot: Trojan.Win32.Z.Highconfidence.1266176
Rising: Trojan.Generic@ML.100 (RDML:Bc97qg6iA3tBmeyVybw+Bg)
Ad-Aware: Trojan.GenericKD.42085670
Sophos: Mal/Fareit-V
Comodo: Malware@#10ej35x9cxaeq
DrWeb: Trojan.PWS.Siggen2.39971
Zillya: Trojan.Injector.Win32.671046
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Fareit.th
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.39b1cf04d7b67e26
Emsisoft: Trojan.GenericKD.42085670 (B)
Ikarus: Trojan.Win32.Injector
Cyren: W32/Trojan.WTRI-1161
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Wacatac
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D2822D26
ZoneAlarm: HEUR:Backdoor.Win32.Androm.gen
Microsoft: Trojan:Win32/Tiggre!plock
AhnLab-V3: Win-Trojan/Delphiless02.Exp
Acronis: suspicious
McAfee: Fareit-FQP!39B1CF04D7B6
VBA32: TScope.Trojan.Delf
Panda: Trj/CI.A
Zoner: Trojan.Win32.84475
ESET-NOD32: a variant of Win32/Injector.EJHY
TrendMicro-HouseCall: TrojanSpy.Win32.LOKI.SMAD1.hp
Fortinet: W32/Agent.AJFK!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.d23931
Paloalto: generic.ml
Qihoo-360: HEUR/QVM05.1.B509.Malware.Gen

How to remove Backdoor.Win32.Androm?

Backdoor.Win32.Androm removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.