Backdoor.Win32.Shiz.kkff removal guide

Backdoor.Win32.Shiz.kkff is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Shiz.kkff virus do?

  • Sample contains overlay data
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.Win32.Shiz.kkff?

File Info:

name: E3D486FC7DAF28958FFE.mlw
path: /opt/CAPEv2/storage/binaries/da78ae0c79eae93d493ea23c2caa17a702c6e9784a247e8225245cfd012198ed
crc32: 51F864B8
md5: e3d486fc7daf28958ffe226f25a21aa3
sha1: 8a2ea35845ca05ed4afd39a28e8c019f022c47bc
sha256: da78ae0c79eae93d493ea23c2caa17a702c6e9784a247e8225245cfd012198ed
sha512: 116e2fc89f318b16d975e1487f28375d89499dc26ed8ce9262a02440818443ae66b0bd5e115c2bb90bfb772796958911b7c28f307aa38508af705ccbc5c71cce
ssdeep: 3072:BfUaDdXWWD/gjLjapGhf0RyR1qPF/Kv4GtwcxVyLZ+UJdnXZn5ZSIcb56tpSoQH+:B/dmWAjRhf2yR1h48DryLgUJdXZ5xBth
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A204029FB59DA42AC1F7D13D58100ABB263B649DFB398C06092CBE593CDDA73C69D100
sha3_384: 61b93f50c87a28f737b18fc622249e3f10302f98f5f7c09383200891f4edb3b0268a767139488bdea3cf6319a665f047
ep_bytes: 60be00b044008dbe0060fbff5783cdff
timestamp: 2005-12-19 17:55:50

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Мастер переноса файлов и параметров
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
InternalName: MigWiz
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: MigWiz.Exe
ProductName: Операционная система Microsoft® Windows®
ProductVersion: 5.1.2600.5512
Translation: 0x0419 0x04b0

Backdoor.Win32.Shiz.kkff also known as:

Bkav: W32.MosquitoQKB.Fam.Trojan
Lionic: Trojan.Win32.Generic.lh2q
AVG: Win32:Evo-gen [Trj]
MicroWorld-eScan: Gen:Heur.VIZ.2
FireEye: Generic.mg.e3d486fc7daf2895
ALYac: Gen:Heur.VIZ.2
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Heur.VIZ.2
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( f1000f011 )
Alibaba: Backdoor:Win32/Kryptik.0e50d27d
K7GW: Trojan ( f1000f011 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Worm.Autorun.h
VirIT: Worm.Win32.Generic.GHY
Cyren: W32/S-a84f9024!Eldorado
Symantec: SMG.Heur!gen
Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Ramnit-5401
Kaspersky: Backdoor.Win32.Shiz.kkff
BitDefender: Gen:Heur.VIZ.2
NANO-Antivirus: Trojan.Win32.AutoRun.cxytjh
SUPERAntiSpyware: Heur.Agent/Gen-StaticIcon
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Lebag.bhv
Emsisoft: Gen:Heur.VIZ.2 (B)
F-Secure: Heuristic.HEUR/AGEN.1340728
DrWeb: Trojan.MulDrop1.64009
TrendMicro: TROJ_GEN.R002C0OEP23
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Kryptik-RR
Ikarus: Virus.Win32.Virtob
GData: Gen:Heur.VIZ.2
Jiangmin: Trojan/Generic.bdhix
Avira: HEUR/AGEN.1340728
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Win32.Lebag
Xcitium: TrojWare.Win32.Lebeg.WJOD@5csyki
Arcabit: Trojan.VIZ.2
ViRobot: Trojan.Win.Z.Viz.188825.W
ZoneAlarm: Backdoor.Win32.Shiz.kkff
Microsoft: PWS:Win32/Zbot!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Zbot.R2835
Acronis: suspicious
McAfee: GenericRXAA-AA!E3D486FC7DAF
TACHYON: Worm/W32.AutoRun.188825
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0OEP23
Rising: Backdoor.Shiz!8.11A (CLOUD)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.7735513.susgen
BitDefenderTheta: Gen:NN.ZexaF.36196.lm1@amvbDdgc
Cybereason: malicious.c7daf2
DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.Shiz.kkff?

Backdoor.Win32.Shiz.kkff removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.