Should I remove “BAT/KillBackup.C”?

BAT/KillBackup.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the BAT/KillBackup.C virus do?

  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify BAT/KillBackup.C?

File Info:

name: 6BCB43A32C21FE5BFB51.mlw
path: /opt/CAPEv2/storage/binaries/79324f9573057cdb2a50ae32444be0b50935e07c2120a6a7082fc4349649d4ea
crc32: 6834725C
md5: 6bcb43a32c21fe5bfb510256dbeb3297
sha1: e82f2aa80a623f515672869d8240a28fdbd771ee
sha256: 79324f9573057cdb2a50ae32444be0b50935e07c2120a6a7082fc4349649d4ea
sha512: d736473fae382914795ede54a8d711c0b9331407cb018ed1a83984cdf42b42f3b772d954a651a0d394f96c64696f45a90b4432d5d826b518ef166f1c8ebecc01
ssdeep: 96:ZPuZLfxl7o0IhSP/YXHe9H7Yd1Ez+4+vOfW+KQGNaNRugNM:ZMfj/C+9bYjSpWOfWrpaNG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F8F1B766A7B88773EDBA0F355C6256411731E605CE23EA2F8882500B5D733108AB2FB5
sha3_384: 68686d20e8789f515c3b33471288d46ad7f771a61d78138699680ee8fffa0f706b0e5a24ed1066b188fd05709e68acaf
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-07-03 14:48:14

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Ghol3s
FileVersion: 1.0.0.2
InternalName: Ghol3s.exe
LegalCopyright: Copyright © 2018
LegalTrademarks:
OriginalFilename: Ghol3s.exe
ProductName: Ghol3s
ProductVersion: 1.0.0.2
Assembly Version: 1.0.0.2

BAT/KillBackup.C also known as:

Lionic: Trojan.Win32.Agent.j!c
MicroWorld-eScan: Trojan.GenericKD.45865602
McAfee: Artemis!6BCB43A32C21
Malwarebytes: Generic.Malware/Suspicious
Zillya: Trojan.Agent.Win32.960979
Sangfor: Ransom.Win32.Killbackup.Vz0v
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:BAT/KillBackup.6eaeb3f1
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.32c21f
BitDefenderTheta: Gen:NN.ZemsilF.36196.am0@a0MQRJp
Symantec: Ransom.Wannacry
Elastic: malicious (high confidence)
ESET-NOD32: BAT/KillBackup.C
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Ransom.Win32.Agent.gen
BitDefender: Trojan.GenericKD.45865602
NANO-Antivirus: Trojan.Win32.Ransom.ffcowz
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-Ransom.Agent.Rqil
Emsisoft: Trojan.Ransom.Unlock92 (A)
F-Secure: Trojan.TR/Ransom.wxqmx
VIPRE: Trojan.GenericKD.45865602
TrendMicro: Ransom_Agent.R002C0GB423
McAfee-GW-Edition: Artemis!Trojan
Trapmine: suspicious.low.ml.score
FireEye: Trojan.GenericKD.45865602
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.45865602
Jiangmin: Trojan.Agent.boyu
Avira: TR/Ransom.wxqmx
Antiy-AVL: Trojan[Ransom]/Win32.Agent
Xcitium: Malware@#a6sootn9hq34
Arcabit: Trojan.Generic.D2BBDA82
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Agent.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
VBA32: Trojan.MSIL.DelShad.Heur
ALYac: Trojan.GenericKD.45865602
MAX: malware (ai score=84)
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_Agent.R002C0GB423
Rising: Ransom.Agent!8.6B7 (CLOUD)
Yandex: Trojan.Agent!k/eN8EnQg3s
Ikarus: Trojan.BAT.Killbackup
MaxSecure: Trojan.Malware.12310942.susgen
Fortinet: MSIL/KillFiles.AQ!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove BAT/KillBackup.C?

BAT/KillBackup.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.