Backdoor.Win32.NetMail.a removal

The Backdoor.Win32.NetMail.a is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.NetMail.a virus can do?

Reads data out of its own binary image
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Backdoor.Win32.NetMail.a?


File Info:
name: 4AF46C7C376F352C87C4.mlw
path: /opt/CAPEv2/storage/binaries/c1ec4db552fec580af37397cfe7c7e2c4e3d784839738fcde954d6b9d6dee284
crc32: 86D99009
md5: 4af46c7c376f352c87c40817e285044f
sha1: 46920a49c3299f8cc53d094cd3611e7595dd42eb
sha256: c1ec4db552fec580af37397cfe7c7e2c4e3d784839738fcde954d6b9d6dee284
sha512: 6687b3f6d9f5a52bf13e3c11ae9208877c28b2c47a2d624d76f6a0485f7e2230db1642734239ec3488e83fa9e775097369c4ff612a3e88e298e0ab35ff33e7ae
ssdeep: 12288:i2ToLD2QfWUEknSsmjj/UVF4TPSiggK/TjMVJK1P5aEL3Lzyhx:ikuPfWsnnw/UV+PSigbMVcRaI2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102253B3BAF8AD136D96234BC4C9FC1D5940939312C485B87FF919F0D7E76652232A983
sha3_384: c8b3e445a4bb97821cdff08188f4cc6d07693aabb05756887f991f9041006e0b74d800efb35ef00ba2551f3146c60c6c
ep_bytes: 558bec83c4f05356b81c991100e83ad3
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Backdoor.Win32.NetMail.a also known as:

Bkav	W32.AIDetectMalware
DrWeb	Trojan.DownLoader4.61273
MicroWorld-eScan	Gen:Variant.Doina.46553
FireEye	Generic.mg.4af46c7c376f352c
McAfee	GenericRXIE-DJ!4AF46C7C376F
Malwarebytes	Malware.AI.693497512
VIPRE	Gen:Variant.Doina.46553
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Spyware ( 004bfe9d1 )
BitDefender	Gen:Variant.Doina.46553
K7GW	Spyware ( 004bfe9d1 )
CrowdStrike	win/malicious_confidence_90% (D)
BitDefenderTheta	Gen:NN.ZelphiF.36164.8GW@auv89co
Cyren	W32/Banker.V.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Spy.Banker.WGA
APEX	Malicious
ClamAV	Win.Trojan.Netmail-9844910-0
Kaspersky	Backdoor.Win32.NetMail.a
NANO-Antivirus	Trojan.Win32.NetMail.cndhca
Avast	Win32:Trojan-gen
Tencent	Backdoor.Win32.NetMail.ha
Emsisoft	Gen:Variant.Doina.46553 (B)
F-Secure	Trojan.TR/Zusy.9881605548
Zillya	Trojan.Banker.Win32.53195
TrendMicro	Backdoor.Win32.NETMAIL.SMTH
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.dh
Trapmine	suspicious.low.ml.score
Sophos	Troj/Agent-BCNT
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan-Stealer.Banker.AK
Jiangmin	Backdoor/NetMail.a
Google	Detected
Avira	TR/Zusy.9881605548
MAX	malware (ai score=80)
Antiy-AVL	Trojan[Backdoor]/Win32.NetMail
Xcitium	TrojWare.Win32.Spy.Banker.VIS@8ekceg
Arcabit	Trojan.Doina.DB5D9
ZoneAlarm	Backdoor.Win32.NetMail.a
Microsoft	Trojan:Win32/Dorv.B!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.NetMail.C3359984
VBA32	Backdoor.NetMail
ALYac	Gen:Variant.Doina.46553
TACHYON	Trojan/W32.DP-Agent.988160
Cylance	unsafe
Panda	Trj/Dtcontx.I
Zoner	Trojan.Win32.88740
TrendMicro-HouseCall	Backdoor.Win32.NETMAIL.SMTH
Rising	Ransom.Blocker!8.12A (TFE:4:iWNbawThGVF)
Yandex	Trojan.GenAsa!Dt9naGN/FsA
Ikarus	Trojan-Spy.Zbot
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Banker.WGA!tr.spy
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS

How to remove Backdoor.Win32.NetMail.a?

Backdoor.Win32.NetMail.a removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X