PHP:BackDoor-BU [Trj] (file analysis)

The PHP:BackDoor-BU [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the PHP:BackDoor-BU [Trj] virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Uses Windows utilities for basic functionality
  • A potential decoy document was displayed to the user
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify PHP:BackDoor-BU [Trj]?

File Info:

crc32: 2D9AF4C7
md5: 6d78b707a58ed77d82b334b041f057bb
name: upload_file
sha1: 99495e18b0c4387440bb04f526abd8745c7d4d36
sha256: cf4bdff8652e4e5128f1a551c03b2c62ae2fcd6b6471ba34365813893aa9c74e
sha512: 8214708f175330e5a53419ab5a09abeb25c5a8709bbee2a99e9fb2e7fdced97b7ad991fc83d389d521cc04f9819cd96c5a25e869948b1bfcd052f0b2aafc93a3
ssdeep: 1536:FMKmMmBwNuXKLSZPR5YTcy9MQKw3rpI4pSkAl49L9P7gD:FGMCR69Kw324pzJQ
type: PHP script, UTF-8 Unicode text, with very long lines, with CRLF line terminators

Version Info:

0: [No Data]

PHP:BackDoor-BU [Trj] also known as:

Bkav: VEX.Webshell
MicroWorld-eScan: Backdoor.PHP.WebShell.BD
Sangfor: Malware
Baidu: PHP.Backdoor.WebShell.y
Avast: PHP:BackDoor-BU [Trj]
Kaspersky: Trojan.PHP.Agent.vf
BitDefender: Backdoor.PHP.WebShell.BD
NANO-Antivirus: Trojan.Script.WebShell.fgjclq
Tencent: Bk.YDWebShell.PHP.BackdoorGen.11100802
Ad-Aware: Backdoor.PHP.WebShell.BD
Comodo: TrojWare.PHP.WebShell.NAH@818kmp
DrWeb: PHP.Shell.26
FireEye: Backdoor.PHP.WebShell.BD
Microsoft: Backdoor:PHP/Webshell.G!MSR
Arcabit: Backdoor.PHP.WebShell.BD
ZoneAlarm: Trojan.PHP.Agent.vf
GData: Backdoor.PHP.WebShell.BD
AhnLab-V3: PHP/Webshell.S5
ALYac: Backdoor.PHP.WebShell.BD
MAX: malware (ai score=84)
ESET-NOD32: PHP/WebShell.NGH
Rising: Backdoor.WebShell-1251/PHP!1.A59F (CLASSIC)
Ikarus: Backdoor.PHP.WebShell
Fortinet: BAT/WebShell.BD!tr
AVG: PHP:BackDoor-BU [Trj]
Qihoo-360: php.script.spyeyes.1

How to remove PHP:BackDoor-BU [Trj]?

PHP:BackDoor-BU [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.