How to remove “Backdoor:Win32/Padodor.SK!MTB”?

Backdoor:Win32/Padodor.SK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: E19A553A56141AF5052E.mlw
path: /opt/CAPEv2/storage/binaries/f8371e8d8ceadec6f840161e8797c2fdcacf2d79144eb4e26435103dd4a74db8
crc32: BA5CD357
md5: e19a553a56141af5052ef019af373a6d
sha1: 7a45b4100f5850e22e528e8d9aca046e9cf95e83
sha256: f8371e8d8ceadec6f840161e8797c2fdcacf2d79144eb4e26435103dd4a74db8
sha512: 9085eff3e332edc84a93aa548ae873091b393468341941c4932c92a04c95bd81b373dee85d4dea45d4686c61b1f6c4bc0676e1f71f7f608e7835a59df8235e67
ssdeep: 1536:lv+JMYV0H3AmPiOqizjUMaZ3MFwIjUrDUTHw56sRQlRkRLJzeLD9N0iQGRNQR8RK:lTYW9PiHiHUMuMWIgHUTQHelSJdEN0si
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T118938D87B7653F62FA4316B12ADF8781F218E23813154EE2854C913C1AE3E19B777E85
sha3_384: ed48f5956bd79a76756d0896d68fcadb7e079e9b427ac618d02f6105d3fec48e7d4b42aa98e7a44aa367536b0af30255
ep_bytes: 90909090906090b8001040009090906a
timestamp: 2017-10-15 03:39:59

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

  • Bkav: W32.AIDetectMalware
  • tehtris: Generic.Malware
  • MicroWorld-eScan: GenPack:Trojan.Agent.DQQO
  • FireEye: Generic.mg.e19a553a56141af5
  • Skyhigh: BehavesLike.Win32.Generic.nc
  • ALYac: GenPack:Trojan.Agent.DQQO
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: GenPack:Trojan.Agent.DQQO
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005780dd1 )
  • K7GW: Trojan ( 005780dd1 )
  • Cybereason: malicious.00f585
  • Arcabit: GenPack:Trojan.Agent.DQQO
  • BitDefenderTheta: AI:Packer.0E93EAB821
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: Win32/Padodor.NAM
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • ClamAV: Win.Trojan.Crypted-31
  • Kaspersky: Backdoor.Win32.Padodor.gen
  • BitDefender: GenPack:Trojan.Agent.DQQO
  • NANO-Antivirus: Trojan.Win32.Padodor.foufls
  • Avast: Win32:BackdoorX-gen [Trj]
  • Tencent: Backdoor.Win32.Padodor.kg
  • Emsisoft: GenPack:Trojan.Agent.DQQO (B)
  • F-Secure: Trojan.TR/Crypt.ZPACK.Gen
  • DrWeb: BackDoor.HangUp.5
  • Zillya: Trojan.Padodor.Win32.1473633
  • Trapmine: malicious.high.ml.score
  • Sophos: Troj/Padodor-M
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Backdoor.Padodor.erky
  • Varist: W32/Pahador.QLFO-8537
  • Avira: TR/Crypt.ZPACK.Gen
  • MAX: malware (ai score=83)
  • Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
  • Kingsoft: malware.kb.a.1000
  • Microsoft: Backdoor:Win32/Padodor.SK!MTB
  • ZoneAlarm: Backdoor.Win32.Padodor.gen
  • GData: GenPack:Trojan.Agent.DQQO
  • Google: Detected
  • AhnLab-V3: Win-Trojan/Berbew.51712
  • Acronis: suspicious
  • McAfee: Trojan-FVOJ!E19A553A5614
  • TACHYON: Backdoor/W32.Padodor
  • VBA32: Backdoor.Padodor
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
  • Ikarus: Trojan-Downloader.Win32.Berbew
  • Fortinet: W32/Qukart.A!tr
  • AVG: Win32:BackdoorX-gen [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Backdoor:Win32/Padodor.SK!MTB removal guide

What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: CDB9E462BC221F8F5F22.mlw
path: /opt/CAPEv2/storage/binaries/9a863cb38a43092ae8e44eb581a18a19c65b228fd71ca73873558e5ac90162e5
crc32: A573280A
md5: cdb9e462bc221f8f5f22c96a52d7d69d
sha1: 6ee106196111684243e7dc1dedf073f2ce1960b9
sha256: 9a863cb38a43092ae8e44eb581a18a19c65b228fd71ca73873558e5ac90162e5
sha512: 7c483612036c9c3041914672eef9d17c13adf358a9f7fca3e586f940badad1b298fb843105229f211f2d8ce29c75bdf6203e8d3408f221e7ba121e81f27d0a14
ssdeep: 1536:fAsbMg5Hc7JEUgxSE4GoLLe9J/9eJSdymz1RWDZpaQiPegamVXDfOOQ/4BrGTI5y:RFUEUySJHLe9JWSdymz1EDZUeE7U/4kD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T163938D53E8050E7FDEA20730244F1D7962D891500D62876E57EB80692B2BB6ED1F39DF
sha3_384: 60dbc72bf96160faa668d56f2d538f9620e04c9fcf7c1c17516df354b7ffc98d5aaae06d40752308fd577745e715c78b
ep_bytes: 9067e8000000009090909058900563a0
timestamp: 1987-08-01 05:39:38

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

  • Bkav: W32.AIDetectMalware
  • tehtris: Generic.Malware
  • MicroWorld-eScan: GenPack:Trojan.GenericKDZ.103285
  • ClamAV: Win.Trojan.Obfus-38
  • FireEye: Generic.mg.cdb9e462bc221f8f
  • Skyhigh: BehavesLike.Win32.Generic.nc
  • ALYac: GenPack:Trojan.GenericKDZ.103285
  • Malwarebytes: Generic.Malware.AI.DDS
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005780dd1 )
  • K7GW: Trojan ( 005780dd1 )
  • Cybereason: malicious.961116
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: Win32/Padodor.AB
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Padodor.gen
  • BitDefender: GenPack:Trojan.GenericKDZ.103285
  • NANO-Antivirus: Trojan.Win32.Padodor.iwrsgd
  • Avast: Win32:Padodor-V [Trj]
  • Rising: Backdoor.Padodor!8.118 (TFE:5:ANhzeVHq5GO)
  • Emsisoft: GenPack:Trojan.GenericKDZ.103285 (B)
  • F-Secure: Trojan.TR/Crypt.ZPACK.Gen2
  • DrWeb: BackDoor.Wdozer
  • VIPRE: GenPack:Trojan.GenericKDZ.103285
  • Trapmine: malicious.high.ml.score
  • Sophos: ML/PE-A
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Backdoor.Padodor.exys
  • Google: Detected
  • Avira: TR/Crypt.ZPACK.Gen2
  • MAX: malware (ai score=88)
  • Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
  • Kingsoft: malware.kb.a.1000
  • Microsoft: Backdoor:Win32/Padodor.SK!MTB
  • Arcabit: GenPack:Trojan.Generic.D19375
  • ZoneAlarm: Backdoor.Win32.Padodor.gen
  • GData: GenPack:Trojan.GenericKDZ.103285
  • Varist: W32/Backdoor.DKIC-2994
  • AhnLab-V3: Win-Trojan/Berbew.51712
  • Acronis: suspicious
  • McAfee: GenericRXPE-AP!D19D426511C3
  • TACHYON: Backdoor/W32.Padodor
  • VBA32: Backdoor.Padodor
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Tencent: Backdoor.Win32.Padodor.km
  • Ikarus: Trojan.Crypt
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Agent.B077!tr
  • BitDefenderTheta: AI:Packer.C9D93E8421
  • AVG: Win32:Padodor-V [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (D)

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
