Trojan.RegistryDisabler.pmKfaWdzuRpS removal tips

The Trojan.RegistryDisabler.pmKfaWdzuRpS file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Trojan.RegistryDisabler.pmKfaWdzuRpS virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Creates known Fynloski/DarkComet mutexes

How to identify Trojan.RegistryDisabler.pmKfaWdzuRpS?


General:

Operating System: Windows 7 / 8 / 8.1 / 10

Virus Name: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS (B)

File Info:

Name: dalno.exe

Size: 258048

Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

MD5: 771d4ee9942585c70d733f1b3a756725

SHA1: 43be1ceca6e8a966f22f909ecede8a17de24a7aa

SHA256: e891ac1ac38f68825ac43899d513dae488064b8f9ae5bba38f1e9ee597418a52

Version Info:

[No Data]

Trojan.RegistryDisabler.pmKfaWdzuRpS also known as:

ALYac: Backdoor.DarkKomet.gen
APEX: Malicious
Acronis: suspicious
Ad-Aware: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS
AegisLab: Trojan.Win32.DarkKomet.mzOX
AhnLab-V3: Win-Trojan/FCN.140610
Alibaba: Backdoor:Win32/DarkKomet.8728aced
Arcabit: Trojan.RegistryDisabler.pmKfaWdzuRpS
Avira: BDS/Backdoor.Gen
Baidu: Win32.Backdoor.Agent.l
BitDefender: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS
BitDefenderTheta: AI:Packer.DBA462701C
Bkav: W32.BitwanD.Trojan
CAT-QuickHeal: Backdoor.Fynloski.A9
CMC: Backdoor.Win32.DarkKomet!O
ClamAV: Win.Trojan.DarkKomet-1
Comodo: TrojWare.Win32.Fynloski.B@57zt85
CrowdStrike: win/malicious_confidence_100% (W)
Cybereason: malicious.994258
Cylance: Unsafe
Cyren: W32/Fynloski.FWDO-2352
DrWeb: BackDoor.Tordev.9
ESET-NOD32: a variant of Win32/Fynloski.AN
Emsisoft: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS (B)
FireEye: Generic.mg.771d4ee9942585c7
Fortinet: W32/Generic.AC.DB56!tr
GData: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS
Ikarus: Backdoor.Win32.DarkKomet
Invincea: heuristic
Jiangmin: Trojan/Genome.bomw
K7AntiVirus: Trojan ( 004bc4d11 )
K7GW: Trojan ( 004bc4d11 )
MAX: malware (ai score=100)
Malwarebytes: Backdoor.Packed.DK
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dc
MicroWorld-eScan: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS
NANO-Antivirus: Trojan.Win32.Tordev.dgnepn
Paloalto: generic.ml
Panda: Trj/Genetic.gen
Qihoo-360: HEUR/QVM11.1.287D.Malware.Gen
Rising: Backdoor.Pontoeb!1.6637 (CLASSIC)
SUPERAntiSpyware: Trojan.Agent/Gen-Delf
SentinelOne: DFI – Malicious PE
Sophos: Troj/Fynlosk-AK
Symantec: Backdoor.Breut!gm
TACHYON: Backdoor/W32.DP-DarkKomet.674304.B
Tencent: Backdoor.Win32.DarkKomet.zem
TotalDefense: Win32/Fynloski.A!generic
TrendMicro: BKDR_FYNLOS.SMM
TrendMicro-HouseCall: BKDR_FYNLOS.SMM
VBA32: Backdoor.Tordev
VIPRE: Backdoor.Win32.Fynloski.A (v)
ViRobot: Trojan.Win32.Z.Fynloski.258048.DGU
Yandex: Trojan.Comet.Gen.LO
Zillya: Trojan.Fynloski.Win32.742
ZoneAlarm: Backdoor.Win32.DarkKomet.gwbu
Zoner: Trojan.Win32.29578
eGambit: RAT.DarkComet

How to remove Trojan.RegistryDisabler.pmKfaWdzuRpS?

Trojan.RegistryDisabler.pmKfaWdzuRpS removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.