Backdoor.Win32.Remcos.nut removal tips

The Backdoor.Win32.Remcos.nut is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Remcos.nut virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Backdoor.Win32.Remcos.nut?


File Info:
crc32: 7B3ECB14
md5: 56557a947a15e0c1bb7226dffa0f5387
name: big.exe
sha1: ded28a38f108dc084ac87bd31bb0191278999092
sha256: 51a4f59ddc8c429d6af5e0e9baf6511b8f8497441970e66913bb8823440335af
sha512: 482985c716fb0701dfcec8f46d93b3a28016b7ae9fa9fd20a934ab13bafcba6583d4ed7043af60c4b96bd9af842265fe6d9dde6f98432726e1008def885fb401
ssdeep: 768:THS0UfgX7a2vHSxJVdfHYaAG4ugEEg4TDV81IYeqo+oUKXwHWEPK:TS0UsIGSPv4dOtet+WdEPK
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: Unlumberings7
FileVersion: 1.00
CompanyName: SMARt
Comments: SMARt
ProductName: preprocesso
ProductVersion: 1.00
FileDescription: VIDEOK
OriginalFilename: Unlumberings7.exe

Backdoor.Win32.Remcos.nut also known as:

MicroWorld-eScan	Trojan.GenericKD.42888146
McAfee	Artemis!56557A947A15
Cylance	Unsafe
BitDefender	Trojan.GenericKD.33563078
K7GW	Trojan ( 005634621 )
Cybereason	malicious.8f108d
F-Prot	W32/Kryptik.BHP.gen!Eldorado
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Win32.Trojan-Downloader.Dagurleo.SOCG4L
Kaspersky	Backdoor.Win32.Remcos.nut
AegisLab	Trojan.Multi.Generic.4!c
Tencent	Win32.Backdoor.Remcos.Suxp
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.42888146 (B)
DrWeb	Trojan.DownLoader33.20798
McAfee-GW-Edition	BehavesLike.Win32.Trojan.cz
Trapmine	malicious.moderate.ml.score
Sophos	Mal/FareitVB-W
Cyren	W32/Kryptik.BHP.gen!Eldorado
Microsoft	Trojan:Win32/Wacatac.C!ml
Arcabit	Trojan.Generic.D28E6BD2
ZoneAlarm	Backdoor.Win32.Remcos.nut
BitDefenderTheta	Gen:NN.ZevbaF.34104.hm0@a4XGp@ki
MAX	malware (ai score=81)
Malwarebytes	Trojan.GuLoader.VB
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Injector.ELFD
Rising	Trojan.Injector!8.C4 (CLOUD)
eGambit	Unsafe.AI_Score_91%
Fortinet	W32/GuLoader.VHHX!tr
Ad-Aware	Trojan.GenericKD.42888146
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	HEUR/QVM03.0.1EA1.Malware.Gen

How to remove Backdoor.Win32.Remcos.nut?

Backdoor.Win32.Remcos.nut removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X