What is "BScope.Backdoor.DarkKomet"?

The BScope.Backdoor.DarkKomet is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What BScope.Backdoor.DarkKomet virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Turkish
Tries to unhook or modify Windows functions monitored by Cuckoo
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

xred.mooo.com

freedns.afraid.org

a.tomx.xyz

How to determine BScope.Backdoor.DarkKomet?


File Info:
crc32: AFB3A645
md5: d6347de1a4f3603ce1ed34237ecd344b
name: ksd.exe
sha1: 244957fd2b829f877620600c00df781314e6a48f
sha256: ba7cc750355a3e0fc59dd67f1dd94a74bc1fc30c1af5a76601070412ec701a24
sha512: 4af73dca995c5adbe873e3d41b178e4da89471dc28952a4ef23b62e163a81807d95403a0e4e91597c524562ec6634c2ecba6d2ed3222524dfc4ebb35f54b3727
ssdeep: 49152:KnsHyjtk2MYC5GDAg/Gj4a0zjKdLuyrh6ElG4zovyKa2t:Knsmtk2a6GUaM0Luyrh1lG4zo6p0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

BScope.Backdoor.DarkKomet also known as:

MicroWorld-eScan	Dropped:Trojan.GenericKD.32840913
FireEye	Generic.mg.d6347de1a4f3603c
CAT-QuickHeal	W32.Delf.NB4
Qihoo-360	Win32/Virus.Synaptics.A
McAfee	GenericRXJO-YL!D6347DE1A4F3
Cylance	Unsafe
VIPRE	BehavesLike.Win32.Malware.eah (mx-v)
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Dropped:Trojan.GenericKD.32840913
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.1a4f36
TrendMicro	Virus.Win32.NAPWHICH.B
F-Prot	W32/Zorex.A
APEX	Malicious
ClamAV	Win.Malware.Delf-6899401-0
GData	Dropped:Trojan.GenericKD.32840913
Kaspersky	Backdoor.Win32.DarkKomet.hqxy
Alibaba	TrojanSpy:Win32/Estoler.181228
NANO-Antivirus	Trojan.Win32.DarkKomet.fazbwq
Avast	Win32:Zorex-E [Wrm]
Tencent	Malware.Win32.Gencirc.10b8ace3
Ad-Aware	Dropped:Trojan.GenericKD.32840913
Sophos	Generic PUA LF (PUA)
Comodo	Virus.Win32.Agent.DE@74b38h
F-Secure	Trojan:W97M/MaliciousMacro.GEN
DrWeb	Trojan.DownLoader22.9658
Zillya	Trojan.Delf.Win32.76144
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vh
Trapmine	suspicious.low.ml.score
Emsisoft	Dropped:Trojan.GenericKD.32840913 (B)
Ikarus	Virus.Win32.Delf
Cyren	W32/Backdoor.OAZM-5661
Jiangmin	Trojan.Generic.bhoqf
Webroot	W32.Malware.gen
Avira	WORM/Dldr.Agent.gqrxn
MAX	malware (ai score=84)
Antiy-AVL	GrayWare/Win32.FlyStudio.a
Endgame	malicious (high confidence)
Arcabit	HEUR.VBA.Trojan.d
ZoneAlarm	Backdoor.Win32.DarkKomet.hqxy
Microsoft	Worm:Win32/AutoRun.XXY!bit
AhnLab-V3	Win32/Zorex.X1799
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZelphiCO.34090.IIW@ayBjBviG
ALYac	Dropped:Trojan.GenericKD.32840913
VBA32	BScope.Backdoor.DarkKomet
Malwarebytes	Trojan.Agent
ESET-NOD32	Win32/Delf.NBX
TrendMicro-HouseCall	Virus.Win32.NAPWHICH.B
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazpRLtE2xFXPTiXZNJDXLG6O)
Yandex	BackDoor.Optix!
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Delf.NBX!tr
AVG	Other:Malware-gen [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_80% (D)
MaxSecure	Trojan.Malware.121218.susgen

How to remove BScope.Backdoor.DarkKomet?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “BScope.Backdoor.DarkKomet”?