Backdoor.Win32.DarkKomet.aagt removal

The Backdoor.Win32.DarkKomet.aagt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Backdoor.Win32.DarkKomet.aagt virus can do?

• Attempts to connect to a dead IP:Port (1 unique times)
• Creates RWX memory
• Drops a binary and executes it
• The binary likely contains encrypted or compressed data.
• The executable is compressed using UPX
• Uses Windows utilities for basic functionality
• Sniffs keystrokes
• Installs itself for autorun at Windows startup
• Creates a copy of itself
• Interacts with known DarkComet registry keys

How to determine Backdoor.Win32.DarkKomet.aagt?

File Info:
crc32: 7E26FD14md5: b8f4c8bf2bcb6226ef766feab25f25c0name: dcr.exesha1: 1906dad154e2581e1e86b5a21fb50de40f768157sha256: e72ec0bc2cd05e14d85af6c7a696cf8c0a495fb4b23918bc68e7c8b37b03f075sha512: 8d412668c00819f60b1efa3b5e004407621203318a3af685a52741d77c1dc6c68b0dd1c2dd28d5f32727030ef0ab9cdfec48cb4b7213a44374206a32a0176059ssdeep: 6144:PjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMnyoS:LFy9bPQZlFjrG0ZmYbwzoStype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: Copyright (C) 1999InternalName: MSRSAAPPFileVersion: 1, 0, 0, 1CompanyName: Microsoft Corp.Comments: Remote Service ApplicationProductName: Remote Service ApplicationProductVersion: 4, 0, 0, 0FileDescription: Remote Service ApplicationOriginalFilename: MSRSAAP.EXETranslation: 0x0409 0x04b0

Backdoor.Win32.DarkKomet.aagt also known as:

Bkav	W32.DarnirisH.Trojan
MicroWorld-eScan	Trojan.Inject.AUZ
FireEye	Generic.mg.b8f4c8bf2bcb6226
CAT-QuickHeal	Backdoor.Fynloski.A9
ALYac	Trojan.Inject.AUZ
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!SB.0
K7AntiVirus	Trojan ( 7000000f1 )
BitDefender	Trojan.Inject.AUZ
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.f2bcb6
Invincea	heuristic
BitDefenderTheta	AI:Packer.891BE84E1C
F-Prot	W32/Fynloski.I.gen!Eldorado
Symantec	Backdoor.Breut!gm
TotalDefense	Win32/Fynloski.A!generic
Baidu	Win32.Backdoor.Agent.l
TrendMicro-HouseCall	BKDR_FYNLOS.SMM
Paloalto	generic.ml
ClamAV	Win.Trojan.DarkKomet-1
GData	Trojan.Inject.AUZ
Kaspersky	Backdoor.Win32.DarkKomet.aagt
Alibaba	Backdoor:Win32/DarkKomet.7b967a63
NANO-Antivirus	Trojan.Win32.DarkKomet.dtlfre
ViRobot	Backdoor.Win32.DarkKomet.238080
Rising	Backdoor.Pontoeb!1.6637 (CLASSIC)
Ad-Aware	Trojan.Inject.AUZ
Sophos	Troj/Backdr-ID
Comodo	TrojWare.Win32.Fynloski.B@57zt85
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Tordev.8
Zillya	Backdoor.DarkKomet.Win32.14560
TrendMicro	BKDR_FYNLOS.SMM
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.dc
SentinelOne	DFI – Malicious PE
Trapmine	malicious.high.ml.score
CMC	Backdoor.Win32.DarkKomet!O
Emsisoft	Trojan.Inject.AUZ (B)
APEX	Malicious
Cyren	W32/Fynloski.I.gen!Eldorado
Jiangmin	TrojanDropper.Autoit.aqa
Webroot	W32.Trojan.Gen
Avira	BDS/Backdoor.Gen
Endgame	malicious (moderate confidence)
Arcabit	Trojan.Inject.AUZ
SUPERAntiSpyware	Trojan.Agent/Gen-Fynloski
ZoneAlarm	Backdoor.Win32.DarkKomet.aagt
Microsoft	VirTool:Win32/CeeInject.AJJ!bit
TACHYON	Backdoor/W32.DP-DarkKomet.674304
AhnLab-V3	Win-Trojan/FCN.140610
Acronis	suspicious
McAfee	Generic.gj
MAX	malware (ai score=88)
VBA32	Backdoor.Tordev
Malwarebytes	Backdoor.Packed.DK
Panda	Trj/Packed.B
Zoner	Trojan.Win32.33772
ESET-NOD32	a variant of Win32/Fynloski.AN
Tencent	Backdoor.Win32.Darkkomet.a
Yandex	Trojan.Comet.Gen.LO
Ikarus	Backdoor.Win32.Fynloski
Fortinet	W32/Generic.AC.55A6!tr
AVG	FileRepMalware
Avast	Win32:Evo-gen [Susp]
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Backdoor.DarkKomet.A

How to remove Backdoor.Win32.DarkKomet.aagt?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.