Backdoor:Win32/Unskal.C removal guide

Many security experts consider Backdoor:Win32/Unskal.C dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Unskal.C virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the BackOffPOS malware family
  • Anomalous binary characteristics

How to identify Backdoor:Win32/Unskal.C?


File Info:

name: ACDF56D2884443C3AD39.mlw
path: /opt/CAPEv2/storage/binaries/d21e103b834f67a09a79fb57e6168b5d1fff7e679c8e04e6294a162948ff8e29
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-03-22 15:51:36

Version Info:

0: [No Data]

Backdoor:Win32/Unskal.C also known as:

Bkav                  W32.AIDetectMalware
Elastic               malicious (high confidence)
ClamAV                Win.Trojan.Poseidon-30
CAT-QuickHeal         Trojan.PosRI.S24702264
Skyhigh               BehavesLike.Win32.Generic.cm
ALYac                 Gen:Variant.Graftor.188187
Cylance               unsafe
Sangfor               Trojan.Win32.Save.a
CrowdStrike           win/malicious_confidence_100% (D)
BitDefender           Gen:Variant.Graftor.188187
K7GW                  Riskware ( 0040eff71 )
K7AntiVirus           Riskware ( 0040eff71 )
Arcabit               Trojan.Graftor.D2DF1B
Symantec              Infostealer.Posfind
tehtris               Generic.Malware
ESET-NOD32            a variant of Win32/Agent.QTJ
APEX                  Malicious
Cynet                 Malicious (score: 100)
Kaspersky             Trojan-Spy.Win32.POS.aa
Alibaba               TrojanSpy:Win32/Unskal.52fab355
NANO-Antivirus        Trojan.Win32.FindStr.drurws
MicroWorld-eScan      Gen:Variant.Graftor.188187
Avast                 Win32:Poseidon-D [Trj]
Rising                Backdoor.Unskal!8.2C55 (TFE:5:eyqx3VoD0FS)
Emsisoft              Gen:Variant.Graftor.188187 (B)
F-Secure              Heuristic.HEUR/AGEN.1319008
DrWeb                 Trojan.FindStr.8
Zillya                Trojan.POS.Win32.38
TrendMicro            TSPY_FINDPOS.SMA
Trapmine              malicious.moderate.ml.score
FireEye               Generic.mg.acdf56d2884443c3
Sophos                Mal/Generic-S
SentinelOne           Static AI – Malicious PE
Jiangmin              TrojanSpy.POS.i
Varist                W32/Agent.DDA.gen!Eldorado
Avira                 HEUR/AGEN.1319008
MAX                   malware (ai score=100)
Antiy-AVL             Virus/Win32.Expiro.imp
Xcitium               Malware@#1q8lz111mi88g
Microsoft             Backdoor:Win32/Unskal.C
ZoneAlarm             Trojan-Spy.Win32.POS.aa
GData                 Gen:Variant.Graftor.188187
Google                Detected
AhnLab-V3             Trojan/Win32.Agent.R147926
McAfee                GenericRXPE-ZR!ACDF56D28844
VBA32                 TrojanSpy.POS
Malwarebytes          Malware.AI.941447832
Panda                 Trj/Genetic.gen
TrendMicro-HouseCall  TSPY_FINDPOS.SMA
Tencent               Win32.Trojan-Spy.Pos.Simw
Yandex                TrojanSpy.POS!yK1eNyJvrvA
Ikarus                Trojan.Win32.Agent
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              W32/Backoff.D!tr
BitDefenderTheta      Gen:NN.ZexaF.36802.jyW@aijWrpoi
AVG                   Win32:Poseidon-D [Trj]
DeepInstinct          MALICIOUS
alibabacloud          Trojan.Win.UnkAgent

How to remove Backdoor:Win32/Unskal.C?

Backdoor:Win32/Unskal.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
