Backdoor:Win32/Rescoms!rfn information

Backdoor:Win32/Rescoms!rfn is Microsoft's detection name for a sample of the Remcos remote access trojan (the vendor names listed further down agree on the Remcos family), which is why most security vendors flag it as malicious. While the backdoor is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Backdoor:Win32/Rescoms!rfn do?

The behaviors below are the signatures raised when the sample was run in the CAPEv2 sandbox (the storage path in the File Info block is CAPE's). A Remcos RAT gives its operator interactive remote control of the infected host; these sandbox signatures confirm the family rather than enumerate every capability.

  • Authenticode signature is invalid
  • CAPE detected the Remcos malware family
  • Creates known Remcos mutexes
  • Creates known Remcos registry keys

How to identify Backdoor:Win32/Rescoms!rfn?

The indicators below describe the analyzed sample. Match on SHA-256 (or SHA-512/SHA3-384): MD5 and SHA-1 are collision-prone and CRC32 is only a checksum. The ssdeep and TLSH values are fuzzy hashes and can link repacked variants that share no exact hash. Two caveats: the PE timestamp is attacker-controllable and only records what the compiler was told, and the entry-point bytes decode to an ordinary Visual C++ runtime prologue (push ebp; mov ebp, esp; push -1; push imm32; push imm32; fs: prefix), so the sample is not obviously packed at the entry point.
File Info:

name: EFCCB3DC0379D2ED9F5D.mlw
path: /opt/CAPEv2/storage/binaries/a9d8f4f8559443655b100a63e54b14f5f6f9eb64e042cea0bd172c18e4c7ba05
crc32: 63CE209C
md5: efccb3dc0379d2ed9f5d1847cf613984
sha1: 8d351718f5bc68588379520a36d8e9a8f5c4e2f3
sha256: a9d8f4f8559443655b100a63e54b14f5f6f9eb64e042cea0bd172c18e4c7ba05
sha512: e862ecca2adcb51efb44acda0f0ce620cc808b6b9759225dfc9f1c9315a502f49ba6f2cca29b13ffb95b93fa33ed63d836de30d033bf9f31930cf16ed77a4ca1
ssdeep: 1536:KpNEsaeiQl8TIqytzRJl+uiNuI7FFCPBsZcOzq1T35T/bLeILtVo8V:KpNEaiQl2qouiNdFFCiZcOz+TJ/neAt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16F83E707FE06C1F3E81102B21B553762AFBDEC231619A927C745C581EEB884AE4B567B
sha3_384: 543739f45137d2a699af4fd68d9da233666018189220e4db20ebafc3dbe73f771aaa5d77950866ea65e43194ca330842
ep_bytes: 558bec6aff6818e040006890c6400064
timestamp: 2019-01-06 20:31:41

Version Info:

0: [No Data]
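As an added example (not from this page or from GridinSoft), the script below computes the same digests the File Info block lists for a local file and reports which of the page's indicators it matches. The hash values in PAGE_IOCS are copied from the File Info block above; the "MZ" stub inside self_check is constructed test data, not the real sample.

```python
import hashlib
import os
import sys
import tempfile
import zlib

# Indicators copied from the File Info block on this page. The sample binary is
# not included; only its published digests are.
PAGE_IOCS = {
    "crc32": "63CE209C",
    "md5": "efccb3dc0379d2ed9f5d1847cf613984",
    "sha1": "8d351718f5bc68588379520a36d8e9a8f5c4e2f3",
    "sha256": "a9d8f4f8559443655b100a63e54b14f5f6f9eb64e042cea0bd172c18e4c7ba05",
    "sha512": "e862ecca2adcb51efb44acda0f0ce620cc808b6b9759225dfc9f1c9315a502f4"
              "9ba6f2cca29b13ffb95b93fa33ed63d836de30d033bf9f31930cf16ed77a4ca1",
    "sha3_384": "543739f45137d2a699af4fd68d9da233666018189220e4db20ebafc3dbe73f77"
                "1aaa5d77950866ea65e43194ca330842",
}

# Digests strong enough to count as a positive on their own. CRC32 and MD5 are
# deliberately excluded: CRC32 is a checksum, MD5 is collision-prone.
STRONG = ("sha1", "sha256", "sha512", "sha3_384")


def digest_bytes(data: bytes) -> dict:
    """Compute the digests the File Info block lists from in-memory bytes."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def digest_file(path: str) -> dict:
    """Stream a file through all digests in 1 MiB chunks so large binaries are fine."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    crc = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashes.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashes.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return out


def match_iocs(observed: dict, iocs: dict = PAGE_IOCS) -> list:
    """Names of every digest that equals the page's indicator (case-insensitive), sorted."""
    return sorted(k for k, v in iocs.items() if observed.get(k, "").lower() == v.lower())


def is_page_sample(observed: dict, iocs: dict = PAGE_IOCS) -> bool:
    """True only if a collision-resistant digest matches; a lone CRC32/MD5 hit is not enough."""
    hits = match_iocs(observed, iocs)
    return any(h in hits for h in STRONG)


def self_check() -> bool:
    """Hash a constructed fake MZ stub both ways to confirm the streaming path agrees."""
    fake = b"MZ" + b"\x90" * 62 + b"constructed stub, not the real sample"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(fake)
        path = tmp.name
    try:
        return digest_file(path) == digest_bytes(fake)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Usage: python check_rescoms.py <suspect file>
    observed = digest_file(sys.argv[1])
    for name, value in observed.items():
        print(f"{name:9s} {value}")
    print("matches:", match_iocs(observed) or "none")
    print("page sample:", is_page_sample(observed))
```

Run it against the suspect file; a SHA-256 match identifies this exact sample, while a repacked build of the same RAT will show no exact-hash hit and needs the fuzzy hashes (ssdeep, TLSH) or the sandbox behaviors instead.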

Backdoor:Win32/Rescoms!rfn also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: Windows.Generic.Threat
  • MicroWorld-eScan: Generic.Remcos.0A6D706A
  • FireEye: Generic.mg.efccb3dc0379d2ed
  • Skyhigh: BehavesLike.Win32.Generic.mm
  • McAfee: GenericRXGN-WO!EFCCB3DC0379
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: Generic.Remcos.0A6D706A
  • Sangfor: Suspicious.Win32.Save.ins
  • K7AntiVirus: Trojan ( 0053f2bc1 )
  • Alibaba: Backdoor:Win32/Remcos.32254c3c
  • K7GW: Trojan ( 0053f2bc1 )
  • VirIT: Trojan.Win32.PSWStealer.CUS
  • Symantec: Backdoor.Remcos!g1
  • tehtris: Generic.Malware
  • ESET-NOD32: Win32/Rescoms.C
  • ClamAV: Win.Trojan.Remcos-9763891-0
  • Kaspersky: HEUR:Backdoor.Win32.Remcos.gen
  • BitDefender: Generic.Remcos.0A6D706A
  • NANO-Antivirus: Trojan.Win32.Rescoms.flybtw
  • Avast: Win32:RATX-gen [Trj]
  • Tencent: Malware.Win32.Gencirc.10b4b418
  • Emsisoft: Generic.Remcos.0A6D706A (B)
  • Google: Detected
  • F-Secure: Heuristic.HEUR/AGEN.1325093
  • DrWeb: Trojan.Siggen8.11083
  • Zillya: Trojan.Generic.Win32.479460
  • Sophos: Troj/Remcos-DI
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Generic.cxbkh
  • Varist: W32/Rescoms.E.gen!Eldorado
  • Avira: HEUR/AGEN.1325093
  • MAX: malware (ai score=89)
  • Antiy-AVL: Trojan[Backdoor]/Win32.Remcos
  • Kingsoft: malware.kb.a.999
  • Microsoft: Backdoor:Win32/Rescoms!rfn
  • Xcitium: TrojWare.Win32.Rescoms.B@7ijo3m
  • Arcabit: Generic.Remcos.0A6D706A
  • ViRobot: Trojan.Win32.Remcos.86016
  • ZoneAlarm: HEUR:Backdoor.Win32.Remcos.gen
  • GData: Generic.Remcos.0A6D706A
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Remcos.R291256
  • BitDefenderTheta: Gen:NN.ZexaF.36802.fuW@a81kAnei
  • VBA32: BScope.Trojan.Fuerboos
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Zoner: Trojan.Win32.85871
  • Rising: Backdoor.Remcos!8.B89E (TFE:5:oLtklvdnsKR)
  • Yandex: Trojan.GenAsa!cN6oYc8p7Uk
  • Ikarus: Backdoor.Remcos
  • Fortinet: W32/Generic.AP.21672C!tr
  • AVG: Win32:RATX-gen [Trj]
  • DeepInstinct: MALICIOUS
  • alibabacloud: Backdoor:Win/Remcos.116ac2c0

How to remove Backdoor:Win32/Rescoms!rfn?

Backdoor:Win32/Rescoms!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because a backdoor gives a remote operator control of the machine, also treat passwords and session tokens used on it as exposed: change them from a clean device once the infection is removed, and check scheduled tasks and autorun entries so the RAT cannot be reinstalled after the reboot.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
