About "RemoteAdmin.Win32.Generic" infection

The RemoteAdmin.Win32.Generic is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What RemoteAdmin.Win32.Generic virus can do?

Attempts to connect to a dead IP:Port (4 unique times)
A process attempted to delay the analysis task.
Starts servers listening on 0.0.0.0:5931
Reads data out of its own binary image
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Queries information on disks, possibly for anti-virtualization
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Anomalous binary characteristics

Related domains:

rl.ammyy.com

www.ammyy.com

apps.identrust.com

isrg.trustid.ocsp.identrust.com

ocsp.int-x3.letsencrypt.org

How to determine RemoteAdmin.Win32.Generic?


File Info:
crc32: A3312AD8
md5: aed3f0916a46993807451ef47834b008
name: ammyy.exe
sha1: c46d281b60b0d10b4a80b7e61237da1f1b77d622
sha256: 949f9f106f9256fea3780cecd7c9d4369d3c5cb2e5acb2077b5c49534458d766
sha512: 9f3490f91e93f454d8f82a4a9e868704b1db3d68fdb23c29ea79a9bea41044015e844a5257f6720f0a0018ee64d7ebe0b6602c09704b4ecb77b11b850478fa1a
ssdeep: 12288:zXe1Z2fJipMHEgSeA6M7kmchJGvRuORtcE9qTpy+Yg0HkV+Cgs5wh:DtkmHEgSewkmchJGsORtn9qT8+Yg03/9
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 
InternalName: Ammyy Admin
FileVersion: 3.7
CompanyName: Ammyy LLC
PrivateBuild: 
LegalTrademarks: 
Comments: 
ProductName: Ammyy Admin
SpecialBuild: 
ProductVersion: 3.7
FileDescription: Ammyy Admin
OriginalFilename: 
Translation: 0x0409 0x04b0

RemoteAdmin.Win32.Generic also known as:

MicroWorld-eScan	Gen:Variant.Application.RemoteAdmin.6
CAT-QuickHeal	Trojan.IGENERIC
K7GW	Unwanted-Program ( 004b889d1 )
K7AntiVirus	Unwanted-Program ( 004b889d1 )
Invincea	heuristic
Cyren	W32/Trojan.BNAT-4033
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R007H0CLO18
Avast	FileRepMalware [PUP]
Kaspersky	not-a-virus:HEUR:RemoteAdmin.Win32.Generic
BitDefender	Gen:Variant.Application.RemoteAdmin.6
NANO-Antivirus	Riskware.Win32.RemoteAdmin.fhmdgm
Paloalto	generic.ml
Rising	Malware.Unwaders!8.FFE4 (CLOUD)
Ad-Aware	Gen:Variant.Application.RemoteAdmin.6
Sophos	Generic PUA ME (PUA)
Comodo	ApplicUnwnt@#2i60h7ro4mfkx
DrWeb	Program.RemoteAdmin.869
McAfee-GW-Edition	BehavesLike.Win32.RemAdmAmmyy.bh
Emsisoft	Gen:Variant.Application.RemoteAdmin.6 (B)
SentinelOne	static engine – malicious
Jiangmin	RemoteAdmin.Ammyy.es
Webroot	W32.Trojan.Ra
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.Ammyy
Microsoft	Program:Win32/Vigram.A
Endgame	malicious (high confidence)
Arcabit	Trojan.Application.RemoteAdmin.6
ZoneAlarm	not-a-virus:HEUR:RemoteAdmin.Win32.Generic
GData	Win32.Riskware.RemoteAdmin.A
AhnLab-V3	Unwanted/Win32.RemoteAdmin.R239547
Acronis	suspicious
McAfee	RemAdm-Ammyy
Cylance	Unsafe
ESET-NOD32	a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe
Yandex	Riskware.RemoteAdmin!
eGambit	RAT.Ammyy
Fortinet	Riskware/RemoteAdmin_Ammyy
AVG	FileRepMalware [PUP]
Cybereason	malicious.16a469
Panda	Trj/CI.A
CrowdStrike	malicious_confidence_100% (D)
Qihoo-360	Win32/Virus.RemoteAdmin.af5

How to remove RemoteAdmin.Win32.Generic?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “RemoteAdmin.Win32.Generic” infection