Backdoor:Win32/Poebot malicious file

The Backdoor:Win32/Poebot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Poebot virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Connects to an IRC server, possibly part of a botnet
Anomalous binary characteristics

Related domains:

xx.enterhere.biz

xx.nadnadzz.info

xx.ka3ek.com

How to determine Backdoor:Win32/Poebot?


File Info:
crc32: 62D4DE3F
md5: d816943eeb29a00ceb54ec7b012dd4f1
name: D816943EEB29A00CEB54EC7B012DD4F1.mlw
sha1: 08b5c2049d9cd02bcc00abc6a8a95263bd43fed6
sha256: 0045410825a078e8ec3371329e22d0a1a5c7708259b4a78e1797b8af4e84f0bb
sha512: 4a309433b90d122564a5b2c93f833a8a3012554e192079b5e9a24c1fe67b905799764d57008bbb4db41c3935f5d217ab5036e71ae52e60d48768973f504689c1
ssdeep: 3072:qYSyLbuvTSuCn2dyem9HGtdFhIG8EmF4oiZo9YU8W:8Yyb6n2dzm9HGtnhxDmF4owo9Yy
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Backdoor:Win32/Poebot also known as:

K7AntiVirus	Trojan ( 7000000f1 )
Elastic	malicious (high confidence)
DrWeb	BackDoor.IRC.Sdbot.945
Cynet	Malicious (score: 100)
ALYac	Backdoor.Linkbot-M
Cylance	Unsafe
Zillya	Backdoor.Nepoe.Win32.449
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Trojan:Win32/Fsysna.8416a87d
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.eeb29a
Cyren	W32/Backdoor.AROE-0746
Symantec	Backdoor.Trojan
ESET-NOD32	Win32/Poebot.NBF
APEX	Malicious
Avast	Win32:Delf-NCB [Drp]
ClamAV	Win.Trojan.Nepoe-2
Kaspersky	Trojan.Win32.Fsysna.cizw
BitDefender	Gen:Variant.Graftor.Elzob.8763
NANO-Antivirus	Trojan.Win32.Nepoe.bamuh
ViRobot	Backdoor.Win32.Nepoe.31744
MicroWorld-eScan	Gen:Variant.Graftor.Elzob.8763
Tencent	Win32.Trojan.Fsysna.Wpsw
Ad-Aware	Gen:Variant.Graftor.Elzob.8763
Sophos	Mal/Generic-R + Troj/Poebot-NJ
Comodo	TrojWare.Win32.Poebot.NBF1@1lq5mc
BitDefenderTheta	AI:Packer.97FC1D581E
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_LAMEWAR.VTG
McAfee-GW-Edition	BehavesLike.Win32.Wabot.cc
FireEye	Generic.mg.d816943eeb29a00c
Emsisoft	Gen:Variant.Graftor.Elzob.8763 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor/Nepoe.cn
Webroot	Vir.Tool.Gen
Avira	DR/Delphi.Gen
eGambit	Unsafe.AI_Score_95%
Antiy-AVL	Trojan/Generic.ASMalwS.126C
Kingsoft	Win32.Hack.Undef.(kcloud)
Microsoft	Backdoor:Win32/Poebot.gen
SUPERAntiSpyware	Trojan.Agent/Gen
GData	Gen:Variant.Graftor.Elzob.8763
AhnLab-V3	Backdoor/Win32.Nepoe.R44008
Acronis	suspicious
McAfee	Generic.dx!D816943EEB29
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Palevo.06
Panda	Bck/Poebot.NY
TrendMicro-HouseCall	TROJ_LAMEWAR.VTG
Rising	Trojan.Spy.Win32.Zbot.fwh (CLASSIC)
Yandex	Backdoor.Nepoe.HM
Ikarus	P2P-Worm.Win32.Palevo
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.fam!tr
AVG	Win32:Delf-NCB [Drp]

How to remove Backdoor:Win32/Poebot?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor:Win32/Poebot malicious file