About “RemoteAdmin.Win32.WinVNC.aha” infection

RemoteAdmin.Win32.WinVNC.aha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the RemoteAdmin.Win32.WinVNC.aha virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX

Related domains:

romekwork.dyndns.org

How to identify RemoteAdmin.Win32.WinVNC.aha?


File Info:

crc32: 52DA98E6
md5: 203dc4fe13992948d8bbc9404a31af67
name: remote.exe
sha1: 8dd7fe86fb356c00b7efe457e50fc31b4d5f68e6
sha256: 98a2874ca78f95a0be6504694c0b23171cee70bec151c46db3d4b812a871cf22
sha512: 90f7bea66798e318b6bbee861aebd91843c873429c0f1707ba0e30a0459f89456679c450df919e7738085c105e6266c5815ec47321d2f87a371b5ac973913e67
ssdeep: 3072:Vo/lri4GAA9926Z2jjzExEOLQCSElYh6XJS255YDF+HtQ:e8dF3E4zlRS25Gh+e
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) UltraVnc
InternalName: UltraVncSC
FileVersion: 4, 10, 0, 1
CompanyName: UltraVnc
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: UltraVncSC
SpecialBuild:
ProductVersion: 4, 10, 0, 1
FileDescription: UltraVnc Self-Extract Setup
OriginalFilename: UltraVncSC
Translation: 0x0409 0x04b0

RemoteAdmin.Win32.WinVNC.aha also known as:

CMC: RemoteAdmin.Win32.WinVNC-based!O
Cylance: Unsafe
TheHacker: Trojan/Buzus.bpyo
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9624
Paloalto: generic.ml
Kaspersky: not-a-virus:RemoteAdmin.Win32.WinVNC.aha
NANO-Antivirus: Trojan.Win32.RemoteAdmin.dbygae
Endgame: malicious (moderate confidence)
Cyren: W32/Trojan.TWUE-0839
Jiangmin: RemoteAdmin.WinVNC.cs
Webroot: W32.Rimecud.Gen
Antiy-AVL: RiskWare[RemoteAdmin]/Win32.WinVNC.aha
AegisLab: RemoteAdmin.W32.WinVNC.aha!c
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.WinVNC.aha
Rising: Malware.Heuristic!ET#98% (rdm+)
SentinelOne: static engine – malicious

How to remove RemoteAdmin.Win32.WinVNC.aha?

RemoteAdmin.Win32.WinVNC.aha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
