Backdoor:Win32/Htbot.C malicious file

Backdoor:Win32/Htbot.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Htbot.C virus do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • A process created a hidden window
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Exhibits behavior characteristic of Proxyback malware
  • Anomalous binary characteristics

How to identify Backdoor:Win32/Htbot.C?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997-2007, Nullsoft, Inc.
FileVersion: 5.5.0.1640
CompanyName: Nullsoft, Inc.
SpecialBuild: full
LegalTrademarks: Nullsoft and Winamp are trademarks of Nullsoft, Inc.
Comments: Visit http://www.winamp.com/ for updates.
ProductName: Winamp
ProductVersion: 5.50 Build 1640
FileDescription: Winamp
Translation: 0x0000 0x04e4

Backdoor:Win32/Htbot.C also known as:

Bkav: W32.FamVT.RazyNHmC.Trojan
K7AntiVirus: Trojan ( 0055dd191 )
Elastic: malicious (high confidence)
DrWeb: BackDoor.IRC.NgrBot.566
Cynet: Malicious (score: 100)
ALYac: Trojan.Lethic.Gen.14
Cylance: Unsafe
Zillya: Backdoor.Farfli.Win32.4348
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.4268ff
Baidu: Win32.Trojan.Kryptik.vz
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.EPZK
APEX: Malicious
Avast: Win32:Mutex-A [Trj]
ClamAV: Win.Ransomware.Lethic-7556239-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Lethic.Gen.14
NANO-Antivirus: Trojan.Win32.Garrun.eaxlkp
ViRobot: Trojan.Win32.Ransom.378880
SUPERAntiSpyware: Trojan.Agent/Gen-Filecoder
MicroWorld-eScan: Trojan.Lethic.Gen.14
Tencent: Malware.Win32.Gencirc.114bc26e
Ad-Aware: Trojan.Lethic.Gen.14
Sophos: Mal/Generic-R + Mal/Wonton-CD
Comodo: TrojWare.Win32.Droma.EQJ@6b1t5k
BitDefenderTheta: Gen:NN.ZexaF.34608.tu3@aGjDiUoS
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: WORM_HPKASIDET.SM1
McAfee-GW-Edition: Ransom-Tescrypt!A6C80264268F
FireEye: Generic.mg.a6c80264268ff65e
Emsisoft: Trojan.Lethic.Gen.14 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1128842
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan[Backdoor]/Win32.Farfli
Microsoft: Backdoor:Win32/Htbot.C
Arcabit: Trojan.Lethic.Gen.14
GData: Trojan.Lethic.Gen.14
AhnLab-V3: Trojan/Win32.Teslacrypt.R176971
Acronis: suspicious
McAfee: Ransom-Tescrypt!A6C80264268F
MAX: malware (ai score=100)
VBA32: BScope.Backdoor.IRC.NgrBot
Malwarebytes: Malware.Heuristic.1003
Panda: Trj/CI.A
TrendMicro-HouseCall: WORM_HPKASIDET.SM1
Rising: Ransom.Tescrypt!8.3AF (CLOUD)
Yandex: Backdoor.Farfli!0JgLdUO9P04
Ikarus: Trojan.Crypt
Fortinet: W32/Kryptik.FXWS!tr
AVG: Win32:Mutex-A [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.16d

How to remove Backdoor:Win32/Htbot.C?

Backdoor:Win32/Htbot.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
