About “Backdoor.Win32.Remcos.tdy” infection

Backdoor.Win32.Remcos.tdy is considered dangerous by many security experts. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Remcos.tdy virus do?

The following behaviours were flagged by automated sandbox analysis of the sample:

  • Executable code extraction
  • Creates RWX memory (memory that is readable, writable and executable at once, typical of unpacking or injecting code at run time)
  • Unconventional language used in binary resources: Chinese (Traditional)
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Remcos.tdy?

File Info:

crc32: 043DBFA2
md5: 8bdfdcd7b9586f152e193d5f033ede74
name: 8BDFDCD7B9586F152E193D5F033EDE74.mlw
sha1: beabaef24968070ec42d5ccf715a29b32370a258
sha256: 7007b666015e9392df019f079b3d20ac68d4652797c1ec0ca8461ef7318c6473
sha512: ce20c8127e62b9817d6d22795f78b4a6406bf2bb2f54c0ba8e0345acae9d683848d324051ec54e49943ab39214cac95c5c11fceac15009f1e6c49db90f53a23b
ssdeep: 1536:ijDpVw8OKWRtm/IpVSfFnRAolES/OiYos7/Sv9qioypbGPB5+ha4V5ekWe3rJqJ:mHWRwIzSdnRAcYos7qv9hobGtvR8m
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0404 0x04b0 (language ID 0x0404 = Chinese (Traditional), charset 0x04b0 = 1200, Unicode)
InternalName: STAVNSB
FileVersion: 1.00
CompanyName: Workfront
Comments: Workfront
ProductName: haun
ProductVersion: 1.00
OriginalFilename: STAVNSB.exe
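The hashes and file type above are what a responder would check a suspicious file against. The script below is an added example and is not part of this page or of GridinSoft's software: it computes the same five digests the File Info block lists (crc32 in the page's upper-case form), reports which of the listed hash IOCs a file matches, and walks the PE headers with the standard library only to reproduce the "PE32 executable (GUI) Intel 80386" description and to flag sections whose characteristics are read, write and execute at once. That static section check is a related but different signal from the sandbox's runtime "Creates RWX memory" signature, which refers to memory allocated as executable and writable while the sample runs. The sample PE built by `build_sample_pe` is constructed for the demonstration and is not the Remcos binary; the IOC dictionary holds the page's own values.

```python
import hashlib
import struct
import zlib

# Hash IOCs copied from the File Info block on this page (crc32 in the same
# upper-case 8-digit form the page uses). The matcher compares whatever keys
# are present, so sha512 could be added in the same way.
REMCOS_TDY_IOCS = {
    "crc32": "043DBFA2",
    "md5": "8bdfdcd7b9586f152e193d5f033ede74",
    "sha1": "beabaef24968070ec42d5ccf715a29b32370a258",
    "sha256": "7007b666015e9392df019f079b3d20ac68d4652797c1ec0ca8461ef7318c6473",
}

# PE section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def compute_hashes(data: bytes) -> dict:
    """Return the five digests the page lists, formatted the same way."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_ioc(data: bytes, iocs: dict = REMCOS_TDY_IOCS) -> list:
    """Names of the hash algorithms under which `data` matches the IOC set."""
    digests = compute_hashes(data)
    return sorted(alg for alg, value in iocs.items()
                  if digests.get(alg, "").lower() == value.lower())


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: file-type description plus sections flagged RWX."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem sits at +68 in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE?")
    description = "%s executable (%s) %s, for MS Windows" % (
        fmt, SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        MACHINES.get(machine, "machine 0x%x" % machine))

    rwx_sections = []
    sect = opt + opt_size                                 # section table follows the optional header
    for i in range(nsections):
        entry = sect + 40 * i                             # IMAGE_SECTION_HEADER is 40 bytes
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        flags = struct.unpack_from("<I", data, entry + 36)[0]
        if (flags & RWX) == RWX:
            rwx_sections.append(name)
    return {"description": description, "rwx_sections": rwx_sections}


def build_sample_pe(section_flags: int) -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise parse_pe."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", optional, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    section = b".text".ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", section_flags)
    return dos + coff + bytes(optional) + section


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, compute_hashes(blob)["sha256"], matches_ioc(blob), parse_pe(blob))
```

Run it as `python check.py <file>`; a non-empty `matches_ioc` result means the file is byte-identical to the sample catalogued here, while a repacked variant will miss the hashes and has to be caught by the behavioural or vendor detections instead.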

Backdoor.Win32.Remcos.tdy also known as:

  • Bkav: W32.AIDetect.malware1
  • Cyren: CloudRisk/WIN_PE.7007b666!Threatlookup
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • ALYac: Trojan.GenericKD.37171554
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_70% (W)
  • Alibaba: Backdoor:Win32/Remcos.d136b833
  • APEX: Malicious
  • Avast: Win32:Trojan-gen
  • Kaspersky: Backdoor.Win32.Remcos.tdy
  • BitDefender: Trojan.GenericKD.37171554
  • MicroWorld-eScan: Trojan.GenericKD.37171554
  • Ad-Aware: Trojan.GenericKD.37171554
  • Sophos: Mal/Generic-S
  • BitDefenderTheta: Gen:NN.ZevbaF.34790.im0@a82xbjmb
  • McAfee-GW-Edition: BehavesLike.Win32.Fareit.cm
  • FireEye: Generic.mg.8bdfdcd7b9586f15
  • Emsisoft: Trojan.GenericKD.37171554 (B)
  • Avira: TR/Injector.ivwpp
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • Arcabit: Trojan.Generic.D2373162
  • ZoneAlarm: Backdoor.Win32.Remcos.tdy
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: Trojan/Win.DelfInject.R429061
  • McAfee: PWS-FCZK!8BDFDCD7B958
  • MAX: malware (ai score=80)
  • VBA32: BScope.Worm.WBVB
  • Malwarebytes: Malware.AI.1955286675
  • Panda: Trj/GdSda.A
  • Ikarus: Trojan.Win32.Injector
  • AVG: Win32:Trojan-gen
  • Paloalto: generic.ml
  • Qihoo-360: Win32/Backdoor.Remcos.HgIASYEA

How to remove Backdoor.Win32.Remcos.tdy?

Backdoor.Win32.Remcos.tdy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Because a backdoor gives a remote operator control of the host, treat any passwords used on the machine while it was infected as exposed and change them from a clean device after removal.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
