Backdoor.Win32.Remcos.nvy removal

The Backdoor.Win32.Remcos.nvy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Remcos.nvy virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Backdoor.Win32.Remcos.nvy?


File Info:
crc32: F145CC49
md5: 81a3cbf3d808985676d8e8610f0ba7c0
name: major.exe
sha1: b876a4ff9951b6e54871ee4ae77f9f3a13a776ca
sha256: 3ace9d22745e22e3d5775ffe7cf1ac8243a9fc5f56ffae013ad187ea441f44e6
sha512: 490ccd635884562cdab3fe332618bd03bf7abd8293488831f2094c0926d1d1cb3265999d01d3f4fd0e0923bec6d8577b9f9edd9b577277a3d2aff81859bf63a1
ssdeep: 768:t0fFIlsUnhiiXcvC4OGtND9wScvrkCAcK7H881qUBKemogkTTJsDJ7kIo7btjw9:twg7hi5l2F+qUwcsDG7bRw1eb9Z6E0x
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: screen
FileVersion: 1.00
CompanyName: SMART
Comments: SMART
ProductName: Nutidsvrdien4
ProductVersion: 1.00
FileDescription: MANCIPULARMIL
OriginalFilename: screen.exe

Backdoor.Win32.Remcos.nvy also known as:

DrWeb	Trojan.Siggen9.26025
MicroWorld-eScan	Trojan.GenericKD.42889994
McAfee	Artemis!81A3CBF3D808
CrowdStrike	win/malicious_confidence_80% (W)
BitDefender	Trojan.GenericKD.42889994
K7GW	Trojan ( 005635351 )
K7AntiVirus	Trojan ( 005635351 )
BitDefenderTheta	Gen:NN.ZevbaF.34104.im0@aet0D3ji
Cyren	W32/VBKrypt.AGE.gen!Eldorado
ESET-NOD32	a variant of Win32/Injector.ELFN
APEX	Malicious
GData	Trojan.GenericKD.42889994
Kaspersky	Backdoor.Win32.Remcos.nvy
Ad-Aware	Trojan.GenericKD.42889994
Sophos	Mal/FareitVB-W
F-Secure	Trojan.TR/Injector.ppfxa
McAfee-GW-Edition	Fareit-FRL!81A3CBF3D808
Emsisoft	Trojan.GenericKD.42889994 (B)
Ikarus	Trojan.VB.Crypt
F-Prot	W32/VBKrypt.AGE.gen!Eldorado
Avira	TR/Injector.ppfxa
MAX	malware (ai score=88)
Arcabit	Trojan.Generic.D28E730A
ZoneAlarm	Backdoor.Win32.Remcos.nvy
Microsoft	Trojan:Win32/Fareit.AE!MTB
Acronis	suspicious
Malwarebytes	Trojan.GuLoader
Fortinet	W32/GuLoader.VHHX!tr
AVG	FileRepMalware

How to remove Backdoor.Win32.Remcos.nvy?

Backdoor.Win32.Remcos.nvy removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X