Should I remove “Backdoor.Win32.RMS.oi”?


Backdoor.Win32.RMS.oi is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.RMS.oi virus do?

  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Detected script timer window indicative of sleep style evasion
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Russian
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.RMS.oi?


File Info:

crc32: 5DAA2109
md5: 61707a85df48697661e4a32ea494f38e
name: buldid.exe
sha1: 39a2204afb2c75181f2151879033fc76c931304f
sha256: bd86adb11993c876f6a0b12d051dd26911b1fbb453731d45a65a3cd928c6a995
sha512: e52767bd4649059a848f62a4eba0e48a7f07480c4633ef25cfeca01dcce9436d0e3a3aaad5ba4d2635a5f47be8ebe86053a74329f1da5dc4664360d79a90876e
ssdeep: 98304:RFR+Y7/Z//wEf9S8by+ay4r8Y3g/avdC220KrAsTgoka0:9B7B3wEf9nby+54x3g/alryAKgDa0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Win32.RMS.oi also known as:

DrWeb: Program.RemoteAdmin.826
MicroWorld-eScan: Trojan.GenericKD.43395332
FireEye: Generic.mg.61707a85df486976
CAT-QuickHeal: Remoteadmin.Agent
Qihoo-360: Win32/Backdoor.af2
McAfee: Artemis!61707A85DF48
Cylance: Unsafe
AegisLab: Trojan.Win32.RMS.m!c
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.43395332
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.5df486
TrendMicro: TROJ_GEN.R002C0DCN20
BitDefenderTheta: Gen:NN.ZelphiF.34130.VnLfaK6YUbck
Symantec: Trojan.Gen.6
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 85)
GData: Trojan.GenericKD.43395332
Kaspersky: Backdoor.Win32.RMS.oi
Alibaba: Backdoor:Win32/Generic.21c36fa1
NANO-Antivirus: Riskware.Win32.RemoteAdmin.elmksm
Tencent: Win32.Backdoor.Rms.Wmsm
Endgame: malicious (high confidence)
Sophos: Generic PUA KB (PUA)
Comodo: Malware@#26t5i4tn5mjif
F-Secure: PrivacyRisk.SPR/Tool.Monitor
Zillya: Backdoor.RMS.Win32.5
Invincea: heuristic
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.GenericKD.43395332 (B)
Ikarus: PUA.RemoteUtilities
Cyren: W32/Application.LAOS-8641
Jiangmin: RemoteAdmin.RMS.as
Webroot: W32.Malware.Gen
Avira: WUDLicense.exe
Antiy-AVL: RiskWare[RemoteAdmin]/Win32.RMS
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Arcabit: Trojan.Generic.D2962904
ZoneAlarm: Backdoor.Win32.RMS.oi
VBA32: Backdoor.RMS
ALYac: Trojan.GenericKD.43395332
MAX: malware (ai score=81)
Ad-Aware: Trojan.GenericKD.43395332
Malwarebytes: RiskWare.RemoteAdmin
Zoner: Trojan.Win32.72547
ESET-NOD32: Win32/RA-based.NEG
TrendMicro-HouseCall: TROJ_GEN.R002C0DCN20
Rising: Trojan.Occamy!8.F1CD (CLOUD)
Yandex: Riskware.RemoteAdmin!
Fortinet: Riskware/RMS
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Trojan.Malware.9222759.susgen

How to remove Backdoor.Win32.RMS.oi?

Backdoor.Win32.RMS.oi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
