Backdoor.Win32.RA-based.eb removal guide

The Backdoor.Win32.RA-based.eb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.RA-based.eb virus can do?

Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Starts servers listening on 0.0.0.0:5650, :0
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

rmansys.ru

rms-server.tektonit.ru

How to determine Backdoor.Win32.RA-based.eb?


File Info:
crc32: F34640B0
md5: 4fe264dddc8f2e9cc1fa4de4d23ecde1
name: setup.exe
sha1: b62e71080aaaded93f879f5f0af6ae41ac2f28bf
sha256: 0a8494369ffdb568bad03b5af6f76fec5730910db47acdceb6b1b27cfa6bad0b
sha512: 51cbc0c0a61609dfc427c70eb9cd01e4767e4fa79d21f158c257f0efe0f23ffc75f12271d345abeeb16b41311e3809ebe57c62342df925dd1fc825578ce51c50
ssdeep: 98304:RFR9CaY7/Z//wEf9S8by+ay4r8Y3g/avdC220KrAsTgoka+:99Q7B3wEf9nby+54x3g/alryAKgDa+
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Backdoor.Win32.RA-based.eb also known as:

Bkav	W32.HfsAdware.52EA
MicroWorld-eScan	Gen:Variant.Strictor.111878
CMC	Backdoor.Win32.RA-based!O
CAT-QuickHeal	Trojan.Dynamer
ALYac	Gen:Variant.Strictor.111878
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
BitDefender	Gen:Variant.Strictor.111878
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
TrendMicro	TROJ_GEN.R002C0DG418
NANO-Antivirus	Trojan.Win32.RA.egynem
Cyren	W32/Trojan.BEPM-1972
Symantec	SMG.Heur!gen
TrendMicro-HouseCall	TROJ_GEN.R002C0DG418
Paloalto	generic.ml
GData	Gen:Variant.Strictor.111878
Kaspersky	Backdoor.Win32.RA-based.eb
Rising	Trojan.Occamy!8.F1CD (CLOUD)
Ad-Aware	Gen:Variant.Strictor.111878
Sophos	Mal/Generic-S
Comodo	Malware@#87nqxg86qwgl
F-Secure	Trojan.Generic.22567442
DrWeb	BackDoor.RMS.87
Zillya	Trojan.RA.Win32.79
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Dropper.rc
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Strictor.111878 (B)
Jiangmin	RemoteAdmin.RMS.as
Avira	SPR/Tool.Monitor.Gen
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.RMS
Endgame	malicious (high confidence)
Arcabit	Trojan.Strictor.D1B506
ZoneAlarm	Backdoor.Win32.RA-based.eb
Microsoft	Trojan:Win32/Dynamer!ac
AhnLab-V3	Win-AppCare/Remoteadmin.5005722
McAfee	Artemis!4FE264DDDC8F
MAX	malware (ai score=100)
VBA32	Backdoor.RAbased
Malwarebytes	RiskWare.RemoteAdmin
Panda	Trj/CI.A
Zoner	PUA.Remoteadmin
ESET-NOD32	a variant of Win32/RA-based.NEG
Tencent	Win32.Backdoor.Ra-based.Piuc
Yandex	Trojan.RA-based!8XYy/oB65kA
Ikarus	Trojan-Dropper.Agent
Fortinet	W32/RA_based.NEG!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.ddc8f2
Avast	Win32:Trojan-gen
CrowdStrike	malicious_confidence_90% (W)

How to remove Backdoor.Win32.RA-based.eb?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor.Win32.RA-based.eb removal guide