Backdoor:Win32/Tofsee!rfn malicious file

Backdoor:Win32/Tofsee!rfn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Tofsee!rfn virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Backdoor:Win32/Tofsee!rfn?

File Info:

crc32: 181D9312
md5: 7e2c560f954b4b70244c169b1603ca41
name: 7E2C560F954B4B70244C169B1603CA41.mlw
sha1: 806ec32a555fb24269eb6d7753e27436449f9fcc
sha256: 34754764b32118937f5f91e52fc8e62e5b7a2f8ba57625e796195c21dcb51f21
sha512: 29724758be09e5ebddae491e1a78da1dbe6a840c0ee392ae8cea533c17bf38ba586d05488553ca78db61e2c461790ff1aadbc3f991adf70eb3abd9ace806db19
ssdeep: 3072:Y6u+iSNoHS11zfbOT5e96TwjEDatHL4kHK+/M3frt9TW3J7yw:Y6u+iaoHS11zfbOtG6TwjEDatHMkHK2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) Mbqhs Gxhrclt Fvkjfi 2008
InternalName: Fpcna
FileVersion: 2, 18, 95, 237
ProductName: Bhovbxdnkayzsj Taowdrpnjfc Lshjbcy Rklxmhdzjcugi Guhpemzagctido
ProductVersion: 2, 18, 95, 237
FileDescription: Ssluvadr Dpfxgj Frbxmkoc Vkofdvl Gbqlf
Translation: 0x0409 0x04b0

Backdoor:Win32/Tofsee!rfn also known as:

  • Bkav: W32.AIDetect.malware1
  • K7AntiVirus: Trojan ( 0042b9231 )
  • DrWeb: Trojan.DownLoad3.20917
  • McAfee: Artemis!7E2C560F954B
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • Alibaba: Trojan:Win32/Tofsee.3a7a5e2c
  • K7GW: Trojan ( 0042b9231 )
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/Tofsee.AV
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • NANO-Antivirus: Trojan.Win32.DownLoad3.ecitkd
  • Tencent: Win32.Trojan.Generic.Aisi
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#12xkloysyi9wd
  • BitDefenderTheta: Gen:NN.ZexaF.34110.lu0@aG9q0Nki
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: Artemis!Trojan
  • FireEye: Generic.mg.7e2c560f954b4b70
  • eGambit: Generic.Malware
  • Microsoft: Backdoor:Win32/Tofsee!rfn
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • AhnLab-V3: Trojan/Win32.Generic.C2314133
  • VBA32: BScope.Trojan.Download
  • MAX: malware (ai score=100)
  • Panda: Trj/Genetic.gen
  • Rising: Trojan.Generic@ML.83 (RDMK:M4MMhdKURI+mw2pnz61P+w)
  • Yandex: Trojan.Agent!UwTwCSQOaNA
  • Ikarus: Trojan-Ransom.TeslaCrypt
  • Fortinet: W32/Tofsee.AV!tr
  • AVG: Win32:Malware-gen

How to remove Backdoor:Win32/Tofsee!rfn?

Backdoor:Win32/Tofsee!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.