Categories: Backdoor

Backdoor:Win32/Tenpeq.C removal tips

The Backdoor:Win32/Tenpeq.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Tenpeq.C virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

How to determine Backdoor:Win32/Tenpeq.C?


File Info:
crc32: 071E2B1Cmd5: e3445f0d2a10c1e72c74d6a8a6ad8c10name: E3445F0D2A10C1E72C74D6A8A6AD8C10.mlwsha1: d01d2bb937487bba835f43953fc51e61cf60a8a0sha256: a99d052e9dd9b54b3f549722725785b5d82e44de6a5d4fd73a67966b181a0e45sha512: d1f89cf5fb0000a7c2abdcdaa37fbcd5384564e04a94cceb9011bc6622eebead92dd33aa8e80dd8b787511b8e5774473debd9edc8d77f463f98d9f27d7af64bbssdeep: 12288:o9Ec//////tBU3J1w0yh/vtjoYI/JEF6EQOj7oblsbJCysoplNRwp+MzxkxzSY3v:IEc//////d0yNNw/JEYEQOfk29Csqde3type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor:Win32/Tenpeq.C also known as:

Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Graftor-1455
FireEye	Generic.mg.e3445f0d2a10c1e7
CAT-QuickHeal	Trojan.Delfinject.17617
ALYac	Gen:Heur.Mint.Zard.35
Cylance	Unsafe
VIPRE	Trojan.Win32.Injector.fut (v)
Sangfor	Malware
K7AntiVirus	Trojan ( 005191a81 )
BitDefender	Gen:Heur.Mint.Zard.35
K7GW	Trojan ( 005191a81 )
Cybereason	malicious.d2a10c
Symantec	SMG.Heur!gen
TotalDefense	Win32/Injector.A!generic
APEX	Malicious
Avast	Win32:Inject-ZM [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Backdoor:Win32/Tenpeq.07a7b8f2
NANO-Antivirus	Trojan.Win32.Buzus.bylho
MicroWorld-eScan	Gen:Heur.Mint.Zard.35
Ad-Aware	Gen:Heur.Mint.Zard.35
Emsisoft	Gen:Heur.Mint.Zard.35 (B)
Comodo	TrojWare.Win32.Buzus.fbnc@4mgtpb
F-Secure	Dropper.DR/Delphi.Gen
DrWeb	Trojan.DownLoader5.4842
TrendMicro	TROJ_INJECT.SMT
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
MaxSecure	Trojan.Malware.300983.susgen
Sophos	ML/PE-A
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan/Buzus.bamx
Avira	DR/Delphi.Gen
MAX	malware (ai score=82)
Microsoft	Backdoor:Win32/Tenpeq.C
Arcabit	Trojan.Mint.Zard.35
SUPERAntiSpyware	Trojan.Agent/Gen-Injector
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Heur.Mint.Zard.35
AhnLab-V3	Trojan/Win32.Buzus.R73383
Acronis	suspicious
McAfee	GenericRXBP-HQ!E3445F0D2A10
VBA32	Malware-Cryptor.Inject.gen
Malwarebytes	Malware.AI.1732970864
Zoner	Trojan.Win32.33877
ESET-NOD32	a variant of Win32/Injector.FUT
TrendMicro-HouseCall	TROJ_INJECT.SMT
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazpI0vtMLhnXXR8pBe/0tnCT)
Yandex	Trojan.GenAsa!ATLc8IOeu5c
Ikarus	Trojan-PWS.Win32.QQPass
eGambit	Unsafe.AI_Score_91%
Fortinet	W32/Injector.GUD!tr
BitDefenderTheta	AI:Packer.0E6A428419
AVG	Win32:Inject-ZM [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Generic.HwUB8vcA