
RemoteAdmin.Win32.WinVNC-based.h removal tips


RemoteAdmin.Win32.WinVNC-based.h is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the RemoteAdmin.Win32.WinVNC-based.h virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it

Related domains:

SERVER.CROSSLOOP.COM

How to identify RemoteAdmin.Win32.WinVNC-based.h?


File Info:

crc32: DFDE7C6B
md5: 5694dc92bc0440fe04e9f59a625ac816
name: crossloop.exe
sha1: 859fd7e7dd9f9e8888c647a1e3089a5f3f9a6431
sha256: d98c56edd24f8823aa2a5dca9b833c9833e0e615b53648f3e4dfa85412c191a9
sha512: c1d8142980277ec50e997b6135ed956312beb8fabfa6e4d218111004efde59a1ceb20d1653db6658a0f49c4b0240e5297af3d52f75b0833a9dbdfdfd151b5590
ssdeep: 49152:gGDKZ3V8YKplursUfqaqtJXCk5UmM/PUGWmTfQ7XFx0ypOeP1bNkW:9DgF8zHurzfctN/UmWPUG5TOXFx0ypOk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (c) 2004-8 CrossLoop Inc, All rights reserved.
FileDescription: CrossLoop - Simple Secure Screen Sharing
FileVersion: CrossLoop 2.31
Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: CrossLoop, Inc.
Translation: 0x0409 0x04e4

RemoteAdmin.Win32.WinVNC-based.h also known as:

DrWeb: Program.RemoteAdmin
Cylance: Unsafe
Sangfor: Malware
Kaspersky: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h
Alibaba: RiskWare:Win32/WinVNC-based.9e7c2570
NANO-Antivirus: Riskware.Win32.RemoteAdmin.cvzmpy
AegisLab: Riskware.Win32.WinVNC-based.1!c
Antiy-AVL: RiskWare[RemoteAdmin]/Win32.WinVNC-based.b
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h
Microsoft: Program:Win32/Vigram.A
Rising: Malware.Undefined!8.C (CLOUD)
eGambit: not-a-virus:Generic.Malware
Qihoo-360: Win32/Virus.RemoteAdmin.3d1

How to remove RemoteAdmin.Win32.WinVNC-based.h?

RemoteAdmin.Win32.WinVNC-based.h removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
