
RemoteAdmin.Win32.Ammyy.vho removal instructions


RemoteAdmin.Win32.Ammyy.vho is a heuristic detection name for the Ammyy Admin remote-administration tool. Kaspersky files it under "not-a-virus" (see the detection names below): the program is legitimate remote-control software, which is harmless when you installed it knowingly and dangerous when an attacker or a scammer placed it on your machine to get remote access. If you did not install Ammyy Admin yourself, or you notice unfamiliar processes in the Task Manager list, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you complete a full scan and clean your PC.
6-day free trial available.

What does RemoteAdmin.Win32.Ammyy.vho do?

The following are the behavioral signatures raised by automated sandbox analysis (CAPE) of the sample. They describe characteristics of the installer binary, not confirmed malicious actions:

  • SetUnhandledExceptionFilter detected (possible anti-debug): the program installs its own top-level exception handler, a technique also used to detect or disrupt debuggers
  • Dynamic (imported) function loading detected: API functions are resolved at run time (LoadLibrary/GetProcAddress style) instead of through the static import table, which hides them from static analysis
  • Reads data out of its own binary image: typical of self-extracting installers that carry their payload appended to the executable
  • Authenticode signature is invalid: the file's digital signature does not verify, so the vendor names in the version information cannot be trusted as proof of origin
  • Created a process from a suspicious location: the installer launched a child process from a directory the sandbox treats as suspicious
  • Anomalous binary characteristics

How to identify RemoteAdmin.Win32.Ammyy.vho?

The hashes below identify this exact build only; other Ammyy Admin installers will have different values. Match a suspicious file against them before assuming it is the same sample.

File Info:

name: C9EB85A8BAA8A83C9134.mlw
path: /opt/CAPEv2/storage/binaries/f78d577c461d46ed7c5bf0e9b795f0f421807f27d1dfa0069bbc1e33be9295cb
crc32: 93954CCD
md5: c9eb85a8baa8a83c91349771ab61c48d
sha1: 361f886ef7e6456e23077aa082e69804c448d1d3
sha256: f78d577c461d46ed7c5bf0e9b795f0f421807f27d1dfa0069bbc1e33be9295cb
sha512: b8bdc91e77f45c10dbf839ced5e8bcf9eb3af2f4b4ae52a3f493bed86efd0f4a74177caa49040e444d9b5e210fb985770715fbb45807fd8316eb740848d8e4d6
ssdeep: 98304:Bt1SdEmRurxwO8nOYj+x71N/d6vNh0VkEfat6oFCWc63D6Y81IPS:BtAEmRur65+KAkxur6GY3S
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1D276AE5676F840F9D07AC235C9968A4BD2F278910B31CBCF40911AAD2F77AE14D3EB61
sha3_384: a7dd471616bc31d6e055360e421002dd6cd34655d4cceefd1080e493dc6648d3590c24de888b301cd22445f38b8c71db
ep_bytes: 4883ec28e8fb1f00004883c428e952fe
timestamp: 2013-08-27 19:10:46

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.2.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2013 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.2.0.0
Translation: 0x0409 0x04e4

The version resource identifies a Setup Factory 9.2 installer stub (suf_launch.exe), that is, the packaging rather than the payload. These strings are self-reported by the binary and, given the invalid Authenticode signature noted above, should not be taken as proof of who built it.

RemoteAdmin.Win32.Ammyy.vho is also known as:

Zillya: Tool.Ammyy.Win32.1923
APEX: Malicious
Kaspersky: not-a-virus:HEUR:RemoteAdmin.Win32.Ammyy.vho
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
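To check a file on disk against the File Info block above without uploading it anywhere, the script below recomputes the same digest set the page lists (crc32, md5, sha1, sha256, sha512) and reads the compile timestamp and PE32/PE32+ format from the PE header for comparison with the "timestamp" and "type" fields. This is an added example written for this page, not GridinSoft's or CAPE's code; the hash values are copied from the File Info section, and the header parser assumes a standard MZ/PE layout (it returns None for anything else).

```python
"""Offline IOC check for the RemoteAdmin.Win32.Ammyy.vho sample listed above.

Added example, not part of the original page's tooling. Only the Python
standard library is used, so it runs on any machine with Python 3.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone
from pathlib import Path

# Indicators copied from the page's File Info section.
KNOWN_HASHES = {
    "md5": "c9eb85a8baa8a83c91349771ab61c48d",
    "sha1": "361f886ef7e6456e23077aa082e69804c448d1d3",
    "sha256": "f78d577c461d46ed7c5bf0e9b795f0f421807f27d1dfa0069bbc1e33be9295cb",
    "crc32": "93954CCD",
}


def hash_bytes(data: bytes) -> dict:
    """Return the digest set the page lists, with crc32 as upper-case hex."""
    digests = {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }
    digests["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return digests


def pe_header_summary(data: bytes):
    """Parse the COFF header of a PE file: machine, section count,
    compile timestamp (UTC) and whether it is PE32 or PE32+.
    Returns None if the data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte signature, 20-byte COFF header and the optional header magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {
        "machine": f"0x{machine:04X}",          # 0x8664 = x86-64
        "sections": nsections,
        # Note: the timestamp is writable by the author and is often forged.
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc)
        .strftime("%Y-%m-%d %H:%M:%S"),
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown(0x{magic:X})"),
    }


def check_bytes(data: bytes) -> dict:
    """Hash the data, compare against the known IOCs and summarize the PE header."""
    digests = hash_bytes(data)
    matched = [name for name, value in KNOWN_HASHES.items() if digests[name] == value]
    return {"hashes": digests, "matched": matched, "pe": pe_header_summary(data)}


def check_file(path) -> dict:
    """Convenience wrapper: run check_bytes on a file from disk."""
    result = check_bytes(Path(path).read_bytes())
    result["path"] = str(path)
    return result


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        report = check_file(target)
        verdict = "MATCH" if report["matched"] else "no match"
        print(f"{target}: {verdict} {report['matched']}")
        print(f"  sha256: {report['hashes']['sha256']}")
        print(f"  pe: {report['pe']}")
```

A full hash match means the file is byte-for-byte this sample. A header that reads PE32+, x86-64, timestamp 2013-08-27 19:10:46 with no hash match is only a weak hint, since every Setup Factory 9.2 installer shares that stub and the timestamp field can be edited freely.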

How to remove RemoteAdmin.Win32.Ammyy.vho?

RemoteAdmin.Win32.Ammyy.vho removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
