Categories: Backdoor

Backdoor:Win32/PcClient removal tips

The Backdoor:Win32/PcClient is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/PcClient virus can do?

Executable code extraction
At least one process apparently crashed during execution
Attempts to connect to a dead IP:Port (1 unique times)
Presents an Authenticode digital signature
Creates RWX memory
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Checks the CPU name from registry, possibly for anti-virtualization
Checks the system manufacturer, likely for anti-virtualization
Creates a copy of itself

Related domains:

d.nxxxn.ga

r.pengyou.com

How to determine Backdoor:Win32/PcClient?


File Info:
crc32: 50EB63C7md5: ca3d4f927b1fdc755f153585687c3775name: CA3D4F927B1FDC755F153585687C3775.mlwsha1: a9b9c0a61253da2866498a41aadf8d9e34f7792csha256: 514131cbda388b27754e54d9eb7d91c9970488ee0b0d27e5532f38b1f60a8c8fsha512: f40226590d581c338025d64f6eb147ece3b756928bfdde50c8dd63f1bd814fe380b5693edf667af09e37adbd7bf43403b9353f3aa02187e972560f3cb908a506ssdeep: 6144:vv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:v4VOiF1WD7kE1dTYOi8V5u23zmWFy4type: MS-DOS executable, MZ for MS-DOS
Version Info:
LegalCopyright: (C) 360.cn All Rights Reserved.InternalName: LSPFixFileVersion: 7, 1, 3, 1057CompanyName: 360.cnProductName: 360x5b89x5168x536bx58ebProductVersion: 7, 1, 3, 1057FileDescription: 360x5b89x5168x536bx58eb LSPx4feex590dx6a21x5757OriginalFilename: LSPFix.EXETranslation: 0x0804 0x04b0

Backdoor:Win32/PcClient also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	DeepScan:Generic.Keylogger.2.90E865B9
FireEye	Generic.mg.ca3d4f927b1fdc75
CAT-QuickHeal	Trojan.Magania.18692
McAfee	Artemis!CA3D4F927B1F
Malwarebytes	Backdoor.Farfli
VIPRE	Trojan.Win32.Generic!BT
CrowdStrike	win/malicious_confidence_80% (D)
BitDefender	DeepScan:Generic.Keylogger.2.90E865B9
K7GW	Trojan ( 004c81771 )
K7AntiVirus	Trojan ( 004c81771 )
Cyren	W32/S-6cc11623!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Deepscan-9770175-0
Kaspersky	Trojan-Banker.Win32.Banbra.wuxs
Tencent	Malware.Win32.Gencirc.10b40de8
Ad-Aware	DeepScan:Generic.Keylogger.2.90E865B9
Emsisoft	DeepScan:Generic.Keylogger.2.90E865B9 (B)
Comodo	TrojWare.Win32.Fusing.CF@5afr59
F-Secure	Trojan.TR/Agent.fjrz
DrWeb	BackDoor.Farfli.96
McAfee-GW-Edition	GenericRXDW-XG!1EC4D694D7A2
Sophos	ML/PE-A + Troj/AutoG-KB
Ikarus	Trojan.Win32.CoinMiner
Jiangmin	Trojan.Generic.fjkle
Avira	TR/Agent.fjrz
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.SGeneric
Microsoft	Backdoor:Win32/PcClient
Gridinsoft	Trojan.Win32.PcClient.vb!s1
Arcabit	DeepScan:Generic.Keylogger.2.90E865B9
SUPERAntiSpyware	Backdoor.PcClient/Variant
ZoneAlarm	Trojan-Banker.Win32.Banbra.wuxs
GData	DeepScan:Generic.Keylogger.2.90E865B9
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C2832100
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34700.xm1@airHR6fj
VBA32	BScope.Trojan-GameThief.Magania
Zoner	Trojan.Win32.80229
ESET-NOD32	Win32/Farfli.BGG
Rising	Backdoor.Farfli!8.B4 (TFE:5:bL8vVvLdNzM)
Yandex	Trojan.GenAsa!TUiWhMkZPf8
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Midie.26C0!tr
AVG	Win32:Malware-gen
Cybereason	malicious.27b1fd
Qihoo-360	HEUR/QVM18.1.4022.Malware.Gen