The Trojan.RegistryDisabler.pmKfaWdzuRpS file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
What Trojan.RegistryDisabler.pmKfaWdzuRpS virus can do?
- Injection (inter-process)
- Injection with CreateRemoteThread in a remote process
- Attempts to connect to a dead IP:Port (1 unique times)
- Creates RWX memory
- A process attempted to delay the analysis task.
- A process created a hidden window
- Drops a binary and executes it
- The binary likely contains encrypted or compressed data.
- The executable is compressed using UPX
- Uses Windows utilities for basic functionality
- Deletes its original binary from disk
- Sniffs keystrokes
- Installs itself for autorun at Windows startup
- Creates a hidden or system file
- Operates on local firewall’s policies and settings
- Creates a copy of itself
- Interacts with known DarkComet registry keys
- Attempts to disable UAC
- Attempts to modify or disable Security Center warnings
- Creates known Fynloski/DarkComet mutexes
How to determine Trojan.RegistryDisabler.pmKfaWdzuRpS?
General:
Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS (B)
File Info:
Name: dalno.exe
Size: 258048
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 771d4ee9942585c70d733f1b3a756725
SHA1: 43be1ceca6e8a966f22f909ecede8a17de24a7aa
SH256: e891ac1ac38f68825ac43899d513dae488064b8f9ae5bba38f1e9ee597418a52
Version Info:
[No Data]
Trojan.RegistryDisabler.pmKfaWdzuRpS also known as:
ALYac | Backdoor.DarkKomet.gen |
APEX | Malicious |
Acronis | suspicious |
Ad-Aware | Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS |
AegisLab | Trojan.Win32.DarkKomet.mzOX |
AhnLab-V3 | Win-Trojan/FCN.140610 |
Alibaba | Backdoor:Win32/DarkKomet.8728aced |
Arcabit | Trojan.RegistryDisabler.pmKfaWdzuRpS |
Avira | BDS/Backdoor.Gen |
Baidu | Win32.Backdoor.Agent.l |
BitDefender | Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS |
BitDefenderTheta | AI:Packer.DBA462701C |
Bkav | W32.BitwanD.Trojan |
CAT-QuickHeal | Backdoor.Fynloski.A9 |
CMC | Backdoor.Win32.DarkKomet!O |
ClamAV | Win.Trojan.DarkKomet-1 |
Comodo | TrojWare.Win32.Fynloski.B@57zt85 |
CrowdStrike | win/malicious_confidence_100% (W) |
Cybereason | malicious.994258 |
Cylance | Unsafe |
Cyren | W32/Fynloski.FWDO-2352 |
DrWeb | BackDoor.Tordev.9 |
ESET-NOD32 | a variant of Win32/Fynloski.AN |
Emsisoft | Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS (B) |
FireEye | Generic.mg.771d4ee9942585c7 |
Fortinet | W32/Generic.AC.DB56!tr |
GData | Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS |
Ikarus | Backdoor.Win32.DarkKomet |
Invincea | heuristic |
Jiangmin | Trojan/Genome.bomw |
K7AntiVirus | Trojan ( 004bc4d11 ) |
K7GW | Trojan ( 004bc4d11 ) |
MAX | malware (ai score=100) |
Malwarebytes | Backdoor.Packed.DK |
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.dc |
MicroWorld-eScan | Gen:Trojan.RegistryDisabler.pmKfaWdzuRpS |
NANO-Antivirus | Trojan.Win32.Tordev.dgnepn |
Paloalto | generic.ml |
Panda | Trj/Genetic.gen |
Qihoo-360 | HEUR/QVM11.1.287D.Malware.Gen |
Rising | Backdoor.Pontoeb!1.6637 (CLASSIC) |
SUPERAntiSpyware | Trojan.Agent/Gen-Delf |
SentinelOne | DFI – Malicious PE |
Sophos | Troj/Fynlosk-AK |
Symantec | Backdoor.Breut!gm |
TACHYON | Backdoor/W32.DP-DarkKomet.674304.B |
Tencent | Backdoor.Win32.DarkKomet.zem |
TotalDefense | Win32/Fynloski.A!generic |
TrendMicro | BKDR_FYNLOS.SMM |
TrendMicro-HouseCall | BKDR_FYNLOS.SMM |
VBA32 | Backdoor.Tordev |
VIPRE | Backdoor.Win32.Fynloski.A (v) |
ViRobot | Trojan.Win32.Z.Fynloski.258048.DGU |
Yandex | Trojan.Comet.Gen.LO |
Zillya | Trojan.Fynloski.Win32.742 |
ZoneAlarm | Backdoor.Win32.DarkKomet.gwbu |
Zoner | Trojan.Win32.29578 |
eGambit | RAT.DarkComet |
How to remove Trojan.RegistryDisabler.pmKfaWdzuRpS?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment