Categories: Backdoor

Backdoor:Win32/Vawtrak.C removal guide

The Backdoor:Win32/Vawtrak.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Vawtrak.C virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
Expresses interest in specific running processes
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Tries to unhook or modify Windows functions monitored by Cuckoo
Installs itself for autorun at Windows startup
Exhibits behavior characteristics of Vawtrak / Neverquest malware.
Attempts to modify browser security settings
Creates a copy of itself
Attempts to disable browser security warnings

How to determine Backdoor:Win32/Vawtrak.C?


File Info:
crc32: 5093A3F4md5: dd7a5ec536878cd2dc174856f287b77ename: upload_filesha1: f065ec5b83fb33f6381674539dd3dd99e0346af0sha256: 71cc04f8bff5e8e2e017abeea0e2b288a58ef8af264c5b5a96115eb9a8baa40dsha512: 09b3927eab77effa231b011acaabb7ff7cfcff8a0d855960fda54eae0211af0547df780ad25450bca75b8b450a387a1651ebf171bcf9fc16786ea41ca30a84dassdeep: 3072:qJeX8OBVi029wCW0zwPoce56vmVVaI9SlN5U+jeD5Cauj8ii4ysX:qSXFezCeVVaNteNujjPtype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Tonec Inc., Copyright xa9 1999 - 2015InternalName: IEMonitoronitor Application: <x0cx01ProductVersionFileVersion: 6, 22, 1, 1CompanyName: Tonec Inc.ecialBuild: DPrivateBuild: Lx16x01ProductNameLegalTrademarks: Internet Download ManagerComments: Internet Download Manager agent for click monitoring in IE-based browsers22, 1, 1:  FileDescription: Internet Download Manager agent for click monitoring in IE-based browsersOriginalFilename: IEMonitor.EXETranslation: 0x0409 0x04b0

Backdoor:Win32/Vawtrak.C also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Ransom.Cerber.1
McAfee	Packed-AM!DD7A5EC53687
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005224381 )
BitDefender	Trojan.Ransom.Cerber.1
K7GW	Trojan ( 005224381 )
CrowdStrike	win/malicious_confidence_100% (D)
Invincea	Mal/Generic-S + Mal/Gozi-D
BitDefenderTheta	Gen:NN.ZedlaF.34282.ou8@aadsWdki
Symantec	Packed.Generic.459
Baidu	Win32.Trojan.Kryptik.anp
TrendMicro-HouseCall	Ransom_CERBER.SMEJ5
ClamAV	Win.Trojan.Emotet-6894547-0
Kaspersky	HEUR:Packed.Win32.Mentiger.gen
NANO-Antivirus	Trojan.Win32.Vawtrak.eviqmw
Ad-Aware	Trojan.Ransom.Cerber.1
Sophos	Mal/Gozi-D
Comodo	TrojWare.Win32.Swizzor.LMG@6hcnyz
F-Secure	Heuristic.HEUR/AGEN.1105834
DrWeb	Trojan.Packed
TrendMicro	Ransom_CERBER.SMEJ5
McAfee-GW-Edition	Packed-AM!DD7A5EC53687
FireEye	Generic.mg.dd7a5ec536878cd2
Emsisoft	Trojan.Ransom.Cerber.1 (B)
APEX	Malicious
Avira	HEUR/AGEN.1105834
Microsoft	Backdoor:Win32/Vawtrak.C
Arcabit	Trojan.Ransom.Cerber.1
ZoneAlarm	HEUR:Packed.Win32.Mentiger.gen
GData	Trojan.Ransom.Cerber.1
Cynet	Malicious (score: 100)
AhnLab-V3	HEUR/Malga.D708.X1491
Acronis	suspicious
VBA32	BScope.Trojan.Jorik
ALYac	Trojan.Ransom.Cerber.1
MAX	malware (ai score=98)
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.EHXU
Rising	Trojan.Kryptik!1.AE9C (CLASSIC)
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Locky.FGA!tr.ransom
AVG	FileRepMalware
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.433