Backdoor.Win32.Poison.jqtv removal guide

Backdoor.Win32.Poison.jqtv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor.Win32.Poison.jqtv virus can do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Network activity contains more than one unique User-Agent
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
imgsa.baidu.com

How to determine Backdoor.Win32.Poison.jqtv?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Backdoor.Win32.Poison.jqtv also known as:

  • Elastic: malicious (high confidence)
  • Sangfor: Trojan.Win32.Save.a
  • Cybereason: malicious.49ba17
  • Cyren: W32/Agent.EW.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Poison.jqtv
  • NANO-Antivirus: Trojan.Win32.FlyStudio.exvykt
  • Sophos: Generic ML PUA (PUA)
  • BitDefenderTheta: Gen:NN.ZexaF.34170.znIfaenyeebb
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: Artemis!Trojan
  • FireEye: Generic.mg.0ea03cb23590dc22
  • SentinelOne: Static AI – Malicious PE
  • Avira: HEUR/AGEN.1131800
  • eGambit: Unsafe.AI_Score_99%
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Microsoft: Trojan:Win32/Wacatac.A!ml
  • GData: Win32.Trojan.PSE.19Q2126
  • Acronis: suspicious
  • McAfee: Artemis!0EA03CB23590
  • VBA32: BScope.Backdoor.Poison
  • Malwarebytes: Malware.AI.1154638460
  • Rising: Trojan.Injector!1.B866 (CLASSIC)
  • Yandex: Trojan.GenAsa!5uKZ2NzQIVs
  • Fortinet: Riskware/FlyStudio_Injector
  • Paloalto: generic.ml

How to remove Backdoor.Win32.Poison.jqtv?

Backdoor.Win32.Poison.jqtv removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
