Categories: Backdoor

Backdoor:Win32/Plugx.N!dha removal instruction

The Backdoor:Win32/Plugx.N!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Plugx.N!dha virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Creates a slightly modified copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

vpn.premrera.com

How to determine Backdoor:Win32/Plugx.N!dha?


File Info:
crc32: 5B278A35md5: aea7aa3da7d1f06a7079741a0e6e9683name: AEA7AA3DA7D1F06A7079741A0E6E9683.mlwsha1: 97596682f3743f69326d30c7e83e10e7d2c70024sha256: b8100c03b15d248c12fd11e9cc3d2a7f262d573bd963148f978a674d8a8860a0sha512: 3a6ef24c934e66dfbc6560c9aadb39c863faab69b41b57bcb72193e8db330d537d108ada31d1c54753b4cbabac7c204a7552aa01e8a7c33914eca30a39ac567assdeep: 768:KhSksandb4GgyMsp4hyYtoVxYGm18A6PsED3VK2+ZtyOjgO4r9vFAg2rqv:KTsGpehyYtkYvKlYTjipvF2Wtype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, PECompact2 compressed
Version Info:
0: [No Data]

Backdoor:Win32/Plugx.N!dha also known as:

Bkav	W32.AIDetectGBM.malware.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Dropped:Win32.Hematite.C
FireEye	Generic.mg.aea7aa3da7d1f06a
CAT-QuickHeal	Trojan.Generic
ALYac	Dropped:Win32.Hematite.C
Cylance	Unsafe
Zillya	Trojan.Shyape.Win32.933
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004b506c1 )
BitDefender	Dropped:Win32.Hematite.C
K7GW	Trojan ( 004b506c1 )
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W32/Trojan.FAL.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Cleaman-K [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Shyape.fwyawt
Rising	Backdoor.Plugx!8.D0 (TFE:dGZlOgXQBkwqS1Lo+w)
Ad-Aware	Dropped:Win32.Hematite.C
Emsisoft	Dropped:Win32.Hematite.C (B)
Comodo	TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
F-Secure	Backdoor.BDS/Shyape.pzisa
DrWeb	Trojan.Siggen7.10761
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.lm
Sophos	ML/PE-A + Mal/EncPk-AAT
Ikarus	Trojan.Win32.Agent
Jiangmin	Trojan/Generic.bcaze
Avira	BDS/Shyape.pzisa
eGambit	RAT.Sakula
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	Backdoor:Win32/Plugx.N!dha
Gridinsoft	Trojan.Heur!.03012061
Arcabit	Win32.Hematite.C
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Dropped:Win32.Hematite.C
AhnLab-V3	Malware/Win32.Generic.C4111700
Acronis	suspicious
McAfee	GenericRXFN-BJ!AEA7AA3DA7D1
MAX	malware (ai score=86)
VBA32	Trojan.Sakurel
Malwarebytes	Generic.Trojan.Malicious.DDS
Zoner	Trojan.Win32.78910
ESET-NOD32	Win32/Shyape.J
Tencent	Malware.Win32.Gencirc.10b0ce87
Yandex	Trojan.Shyape!xBcNPDyJr1A
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Shyape.J!tr
BitDefenderTheta	AI:Packer.7C55569D1D
AVG	Win32:Cleaman-K [Trj]
Cybereason	malicious.da7d1f
Qihoo-360	HEUR/QVM19.1.6637.Malware.Gen