
Backdoor:Win32/Xtrat.B removal guide


The Backdoor:Win32/Xtrat.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Xtrat.B virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Xtreme malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Xtrat.B?

File Info:

name: B7ACE9DD6FD990D67F08.mlw
path: /opt/CAPEv2/storage/binaries/837055cd51f13c92b43b3e7d9e5a141224bace91d3f39e1a8db5bd7ea5f7e74a
crc32: 37C76C84
md5: b7ace9dd6fd990d67f086dfbe70f9d3b
sha1: 22e1bce177eb9e2b67cf4dc7bd68027f942ca46f
sha256: 837055cd51f13c92b43b3e7d9e5a141224bace91d3f39e1a8db5bd7ea5f7e74a
sha512: 5f07e66270093c52b3d57d7fb91b5ec5a17758532aea746c1cfaf1af744bb3be5c6c7ecf0263543474bfe2e394e803a680b1374310cc66c073a38088e3daa213
ssdeep: 768:NB7+tTFH90iY6W1jwmDzKgEFQXKklzIAn38hwfOgw0c0zova:zCBg31jxPEFQXKkx384bpova
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T145233B22A7BC0571E0721B7C8C9DD119F47E7D311A32B45EF18A1E4E84763D27A2972B
sha3_384: 90dcf1205754eb42c9d97305defb34d90ead1fcc24d5fb3442629cb341705ea85961279e9a39408bb8a2c2c0f5a84114
ep_bytes: 548bec81c4e8f7ffff53565733c08985
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor:Win32/Xtrat.B also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Xtreme.ldwI
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Ransom.Loki.22023
ClamAV: Win.Trojan.Xtreme-7
FireEye: Generic.mg.b7ace9dd6fd990d6
CAT-QuickHeal: Backdoor.Xtrat.AA8
Skyhigh: BehavesLike.Win32.ExploitMydoom.ph
McAfee: BackDoor-FCDE!B7ACE9DD6FD9
Cylance: unsafe
Zillya: Trojan.Remtasu.Win32.4984
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Backdoor ( 003708201 )
Alibaba: Backdoor:Win32/Xtreme.e308ed9f
K7GW: Backdoor ( 003708201 )
Cybereason: malicious.177eb9
Arcabit: Trojan.Ransom.Loki.D5607
Baidu: Win32.Trojan.Remtasu.a
VirIT: Backdoor.Win32.Xtreme.BID
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Remtasu.O
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Xtreme.gen
BitDefender: Gen:Variant.Ransom.Loki.22023
NANO-Antivirus: Trojan.Win32.Virtumod.ejzzyt
Avast: Win32:BackDoor-ABH [Trj]
Tencent: Backdoor.Win32.Xtreme.bid
Emsisoft: Gen:Variant.Ransom.Loki.22023 (B)
F-Secure: Backdoor.BDS/Xtrat.46080125
DrWeb: Trojan.Virtumod.11842
VIPRE: Gen:Variant.Ransom.Loki.22023
Sophos: Troj/Keylog-OI
Ikarus: Backdoor.Win32.Xtreme
Jiangmin: Trojan/XtremeKeylogger.y
Webroot: W32.Virus.Gen
Google: Detected
Avira: BDS/Xtrat.46080125
Antiy-AVL: Trojan[Backdoor]/Win32.Xtreme.bid
Kingsoft: Win32.HeurC.KVMH017.a
Xcitium: Malware@#30xoce2kc4w7d
Microsoft: Backdoor:Win32/Xtrat.B
ViRobot: Backdoor.Win32.A.Xtreme.21504.C
ZoneAlarm: Backdoor.Win32.Xtreme.gen
GData: Win32.Trojan.PSE.16VWBSU
Varist: W32/Xtrat.C.gen!Eldorado
AhnLab-V3: Backdoor/Win32.Xtreme.R32518
BitDefenderTheta: AI:Packer.1FD3C0E121
ALYac: Gen:Variant.Ransom.Loki.22023
MAX: malware (ai score=100)
VBA32: BScope.Backdoor.Xtreme
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/CI.A
Rising: Backdoor.Xtrat!1.6A25 (CLASSIC)
Yandex: Backdoor.Xtreme!O6kkEpjHbHk
SentinelOne: Static AI – Malicious PE
MaxSecure: Backdoor.Xtreme.azc
Fortinet: W32/TRATS.SMM!tr.bdr
AVG: Win32:BackDoor-ABH [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Xtrat.B?

Backdoor:Win32/Xtrat.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
