Backdoor:Win32/BO2K removal

Backdoor:Win32/BO2K is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/BO2K virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the lsadump malware family
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/BO2K?

File Info:

name: BC11F1E0F043539AC1DF.mlw
path: /opt/CAPEv2/storage/binaries/199e49a48655c54c3dcaefed469d47b097946612aa970aec19abba04865b62a0
crc32: 2F612985
md5: bc11f1e0f043539ac1df31e85b66c827
sha1: 404f5c723b8aa9bcd535bbc5b8777714d1eafb9d
sha256: 199e49a48655c54c3dcaefed469d47b097946612aa970aec19abba04865b62a0
sha512: e733a0803d6db51dcca20d15c223e830a9af8a223271145715b9fcabfde08c0623424b8ffb55110bb2582b46779e8e30563dcd441dba9c1bd0a9a5c6526ca040
ssdeep: 3072:U6sBqtkFiCd0S0/AV5Y3/cSIgRDsP/PQfKgOA1Z2scLxJRzo:U1uyiX/3/cHLP/PpVRLnR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E814AE1731D180F7C0E305B456898726BFFEA8F419F9C883CFA948955DA168B9F2864B
sha3_384: 69d1e9a78ac6247d092ff1f316e37044e0cc8761ec5d9e24a408c08b40185e03e4e022e47bc2cbe6c3da054b760e69e3
ep_bytes: 558bec81ec780c0000535633db5753ff
timestamp: 1999-07-05 21:21:04

Version Info:

0: [No Data]

Backdoor:Win32/BO2K is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
AVG: Win32:Trojan-gen
Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.BO2K.K
FireEye: Generic.mg.bc11f1e0f043539a
CAT-QuickHeal: BO2K.Srv
Skyhigh: BehavesLike.Win32.Dropper.cm
ALYac: Backdoor.BO2K.K
Malwarebytes: Malware.AI.3346351477
Zillya: Backdoor.BO2K.Win32.46
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 00000add1 )
Alibaba: Backdoor:Win32/Plugin.87ff339c
K7GW: Trojan ( 00000add1 )
BitDefenderTheta: Gen:NN.ZexaF.36802.mqW@amL5lTb
VirIT: Backdoor.Win32.Generic.BCRT
Symantec: BackOrifice.Trojan
ESET-NOD32: Win32/BO2K.Server
Cynet: Malicious (score: 100)
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Trojan.Lithium-3
Kaspersky: Backdoor.Win32.BO2K.server
BitDefender: Backdoor.BO2K.K
NANO-Antivirus: Trojan.Win32.BO2K.ddch
Tencent: Malware.Win32.Gencirc.10bf9c3c
Sophos: Troj/BO-2000
F-Secure: Trojan.TR/BO2K.Plugin.Butt
DrWeb: BackDoor.Zerg.16
VIPRE: Backdoor.BO2K.K
TrendMicro: BKDR_BO2K.10
Trapmine: malicious.high.ml.score
Emsisoft: Backdoor.BO2K.K (B)
Ikarus: Backdoor.Drat
GData: Backdoor.BO2K.K
Jiangmin: Backdoor/BO2K.server
Webroot: W32.Backdoor.Gen
Varist: W32/Bo2K.139264
Avira: TR/BO2K.Plugin.Butt
Antiy-AVL: Trojan[Backdoor]/Win32.BO2K
Kingsoft: Win32.HeurC.KVMH008.a
Xcitium: TrojWare.Win32.Back_Orifice.2000@16eu
Arcabit: Backdoor.BO2K.K
ViRobot: Backdoor.Win32.BO2K.139264
ZoneAlarm: Backdoor.Win32.BO2K.server
Microsoft: Backdoor:Win32/BO2K
Google: Detected
AhnLab-V3: Win-Trojan/BO_2000.200706
McAfee: Orifice2K.l.svr
TACHYON: Backdoor/W32.BackOrifice2K.200704
VBA32: Backdoor.BO2K.server
Cylance: unsafe
Panda: Bck/BO2K.Srv.A
TrendMicro-HouseCall: BKDR_BO2K.10
Rising: Backdoor.BO2K.cf (CLASSIC)
Yandex: Trojan.GenAsa!FxBznkGxIXo
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.40466.susgen
Fortinet: W32/Generic.AP.1A5AE0!tr
DeepInstinct: MALICIOUS
alibabacloud: Backdoor:Win/BO2K.Server

How to remove Backdoor:Win32/BO2K?

Backdoor:Win32/BO2K removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.