Backdoor:Win32/Androme.PB!MTB information

The Backdoor:Win32/Androme.PB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Androme.PB!MTB virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to restart the guest VM
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

redirector.gvt1.com

r3—sn-4g5ednsd.gvt1.com

update.googleapis.com

edgedl.gvt1.com

How to determine Backdoor:Win32/Androme.PB!MTB?


File Info:
crc32: BE3630DB
md5: dc576def4bad708a7852f83c5df3924d
name: DC576DEF4BAD708A7852F83C5DF3924D.mlw
sha1: d5416d614dd51c684653e4c13a6789468f9c8ba2
sha256: 1e0c45657b2738db7a1896b45476917a62a7c8998b72ed9ce61455bdad412c38
sha512: ad244ebae7e7f070a7b63ffab8320c67ee2bdfe22c11f38a776a26f7dddf9057511485cf4516432440bb267c9bacea3e449204e30eb174dd3bd0f3ef667ef257
ssdeep: 1536:1rqmQBdXpBIr3P9qsmSdC0hzhFx6wsaMh9yu1P+xyED63qNQ:vmdXLitg0nFx6YMjjt+x1G3x
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Backdoor:Win32/Androme.PB!MTB also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen3.3429
MicroWorld-eScan	Trojan.Ransom.BO
FireEye	Generic.mg.dc576def4bad708a
ALYac	Trojan.Ransom.BO
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 7000000f1 )
BitDefender	Trojan.Ransom.BO
K7GW	Trojan ( 7000000f1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	AI:Packer.95AFAF7121
Cyren	W32/Trojan.OVRA-3678
Symantec	ML.Attribute.HighConfidence
TotalDefense	Win32/Swisyn.D!generic
APEX	Malicious
Avast	Win32:Crypt-NKM [Trj]
ClamAV	Win.Trojan.Agent-385467
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Backdoor:Win32/Androme.2818a180
NANO-Antivirus	Trojan.Win32.Buzus.fwpdx
ViRobot	Trojan.Win32.Buzus.72704.J
Rising	Spyware.Swisyn!8.9B4 (CLOUD)
Ad-Aware	Trojan.Ransom.BO
Emsisoft	Trojan.Ransom.BO (B)
Comodo	Suspicious@#2gqhuig7k5jk9
F-Secure	Dropper.DR/Delphi.Gen
Zillya	Trojan.Buzus.Win32.74637
TrendMicro	TROJ_RANSOM.ASH
McAfee-GW-Edition	BehavesLike.Win32.Generic.lc
Sophos	Mal/Generic-R + Troj/Buzus-GM
Ikarus	Troja
Jiangmin	Trojan/Buzus.ayzs
Webroot	W32.Malware.Gen
Avira	DR/Delphi.Gen
Antiy-AVL	Trojan[Spy]/Win32.Zbot
Microsoft	Backdoor:Win32/Androme.PB!MTB
Arcabit	Trojan.Ransom.BO
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Ransom.BO
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.FakeAV.R11951
Acronis	suspicious
McAfee	GenericR-FUK!DC576DEF4BAD
MAX	malware (ai score=100)
VBA32	BScope.Trojan-Dropper.Injector
Malwarebytes	Malware.AI.2493490683
Panda	Generic Malware
ESET-NOD32	a variant of Win32/Injector.IKP
TrendMicro-HouseCall	TROJ_RANSOM.ASH
Tencent	Win32.Trojan.Buzus.Wstr
Yandex	Trojan.Injector!OEHX4KHe8I0
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Injector.fam!tr
AVG	Win32:Crypt-NKM [Trj]
Cybereason	malicious.f4bad7
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Generic.HwUBQI8A

How to remove Backdoor:Win32/Androme.PB!MTB?

Backdoor:Win32/Androme.PB!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor:Win32/Androme.PB!MTB information