Categories: PUA

PUP.Optional.RemoteUtilities removal

The PUP.Optional.RemoteUtilities is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUP.Optional.RemoteUtilities virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Detected script timer window indicative of sleep style evasion
A process attempted to delay the analysis task.
Starts servers listening on 0.0.0.0:5650, :0
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Russian
A scripting utility was executed
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

rmansys.ru

How to determine PUP.Optional.RemoteUtilities?


File Info:
crc32: 8A302B50md5: c8bab7efcb4909475ff4679da10dd7afname: iidking-v2.02.exesha1: cd452cc559b2fb8adb47a8245d74487528b6ee23sha256: 4075d90a29837ef0ee744c2d46f1564465531ab85e364215a8ebf6e7a42d466fsha512: 5bd81d4282259d0652039d3eae3c361b66427fa9bbb6591a3df00a8b483e785ecf89f2a571f0e78429d805dfe839ca8af4d9cbf986e76878ba8166d431c4242cssdeep: 98304:QRbO+9C4sbQaAIsKX1zBW495AnV+w8HIrToe2Z4063M9F:QRb5CpUQzBL98VSorTonZ4M9Ftype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

PUP.Optional.RemoteUtilities also known as:

MicroWorld-eScan	Trojan.ScriptKD.3611
FireEye	Generic.mg.c8bab7efcb490947
McAfee	Artemis!C8BAB7EFCB49
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 005592cb1 )
BitDefender	Trojan.ScriptKD.3611
K7GW	Trojan ( 005592cb1 )
Cybereason	malicious.fcb490
Invincea	heuristic
Baidu	VBS.Worm.Agent.qi
F-Prot	W32/S-dfb0798e!Eldorado
Symantec	Trojan.Gen.6
APEX	Malicious
Avast	BV:Rdesktop-B [PUP]
ClamAV	Win.Malware.Scriptkd-7012512-0
GData	Win32.Riskware.RemoteAdmin.F
Kaspersky	Backdoor.Win32.RMS.pn
NANO-Antivirus	Trojan.Win32.RemoteAdmin.ebggff
Rising	Trojan.Kryptik!1.B2F2 (CLASSIC)
Endgame	malicious (high confidence)
Emsisoft	Trojan.ScriptKD.3611 (B)
Comodo	Malware@#29cq4bijhse5d
F-Secure	Backdoor.BDS/Backdoor.Gen2
DrWeb	BackDoor.RMS.82
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	PUA_RADMIN
McAfee-GW-Edition	BehavesLike.Win32.AdwareLinkury.rc
Trapmine	malicious.high.ml.score
Sophos	Remote Manipulator System (PUA)
Ikarus	not-a-virus:RemoteAdmin.RU
Cyren	W32/S-deaeb957!Eldorado
Avira	BDS/Backdoor.Gen2
MAX	malware (ai score=99)
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.RMS
Microsoft	HackTool:Win32/Rabased
Arcabit	Trojan.ScriptKD.DE1B
ZoneAlarm	Backdoor.Win32.RMS.pn
AhnLab-V3	Malware/Win32.RL_Generic.R287629
BitDefenderTheta	Gen:NN.ZexaF.34104.T10bam4AZIjk
VBA32	Backdoor.RMS
Malwarebytes	PUP.Optional.RemoteUtilities
Panda	Trj/CI.A
ESET-NOD32	Win32/RemoteUtilities.A
TrendMicro-HouseCall	PUA_RADMIN
Tencent	Win32.Backdoor.Rms.Taow
Yandex	Riskware.RemoteAdmin!
Fortinet	WM/Moat.84AAD2A4!tr
AVG	BV:Rdesktop-B [PUP]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Win32/Trojan.Script.371