Should I remove “FarFli.Backdoor.Bot.DDS”?

The FarFli.Backdoor.Bot.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What FarFli.Backdoor.Bot.DDS virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine FarFli.Backdoor.Bot.DDS?


File Info:
name: 8B6D3E85AB5CA0C021C1.mlw
path: /opt/CAPEv2/storage/binaries/f7d0fd23deb0d69b5440ae828983758cbbd13571a015415fe3787747db5fa951
crc32: 0D5B7F89
md5: 8b6d3e85ab5ca0c021c1c995c14b46e8
sha1: 020589561c87b546b01630ec1edcd050e0e1c74f
sha256: f7d0fd23deb0d69b5440ae828983758cbbd13571a015415fe3787747db5fa951
sha512: 4dffccee918d34a4be4c8d225e0a6d000be6b691acd1a3a16e78dbe42ed48e807acd4d0800f877f112509316e860e73e1f4c2f94861df8f0d46bb9a6c25e7284
ssdeep: 3072:m14g+z3JepQMEE6Q+1rqmvJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgCAWUMs8rnxjC:mj+rJes5x1rqmvoxEvTEPp/F9rnxS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7744B256FB81CB6C056383B0C2E55610737A833166783F3A996EFEC4EF16E8D456863
sha3_384: 330381cd21b58a8b290617f69181d8b4e556825f686072c30ad22cfbb6d07c4fe3a6b96d9badd35173ad7ed85089bd69
ep_bytes: 6c4469760000e8045665726966795665
timestamp: 2009-12-04 13:35:59

Version Info:
0: [No Data]

FarFli.Backdoor.Bot.DDS also known as:

Bkav	W32.AIDetectMalware
ClamAV	Win.Virus.Virut-6819900-0
FireEye	Generic.mg.8b6d3e85ab5ca0c0
Malwarebytes	FarFli.Backdoor.Bot.DDS
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.36164.vuY@aSYu2Mb
VirIT	Win32.Scribble.AC
Cyren	W32/S-5c6060b9!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Virut.NBP
APEX	Malicious
Cynet	Malicious (score: 100)
Avast	Sf:Virut-A [Trj]
Baidu	Win32.Virus.Virut.gen
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.fh
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Microsoft	Program:Win32/Wacapew.C!ml
Google	Detected
McAfee	Artemis!8B6D3E85AB5C
VBA32	suspected of Virus.Win32.Virut.1
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R03BH0CDU23
Rising	Trojan.Generic@AI.96 (RDMK:cmRtazq+Lv/J2o8Q8aCJ7RNvP8fJ)
Ikarus	Virus.Win32.Virut
Fortinet	W32/CoinMiner.F
AVG	Sf:Virut-A [Trj]
Cybereason	malicious.61c87b
DeepInstinct	MALICIOUS

How to remove FarFli.Backdoor.Bot.DDS?

FarFli.Backdoor.Bot.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X