Rimecud.12 removal instruction

The Rimecud.12 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Rimecud.12 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Executed a process and injected code into it, probably while unpacking
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

Related domains:

slade.safehousenumber.com

murik.portal-protection.net.ru

world.rickstudio.ru

banana.cocolands.su

portal.roomshowerbord.com

How to determine Rimecud.12?


File Info:
crc32: 7EDC8E78
md5: 7975a0f74804ad0fbfbad121dc890ff8
name: 7975A0F74804AD0FBFBAD121DC890FF8.mlw
sha1: 692237412f3aa36257833ea3df4b101e92b6c90b
sha256: 5656829d1bcccaf4110441c6f8e73097a8b6095501a46b0e6c0fc4081e21e4f0
sha512: ce00bc915953f2f46776891a9f32026770edf1d8e884fa492329b4bdaafe92221a2a377313303bd92004502a7d162e0e87c3f99114ed5b8d4ccaee2cf968e916
ssdeep: 3072:twU/1jZtmM4/6OvbLFgXUIvl6dF41FIsqOmZuhkT8l:dcM4iQb4odF41FH
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
LegalCopyright: Copyright (C) 1995-2012 Trend Micro Incorporated. All rights reserved.
InternalName: 7zsfx.exe
FileVersion: 17.50.0.1366
CompanyName: Trend Micro Inc.
PrivateBuild: Build 1366 - 7/29/2009
LegalTrademarks: Copyright (C) Trend Micro Inc.
Comments: 
ProductName: Trend Micro Internet Security
SpecialBuild: 1366
ProductVersion: 17.50
FileDescription: Trend Micro AntiVirus Plus AntiSpyware
OriginalFilename: 7zsfx.exe
Translation: 0x0409 0x04e4

Rimecud.12 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0040f0501 )
Elastic	malicious (high confidence)
DrWeb	Win32.HLLW.Autoruner.44048
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Rimecud.U
ALYac	Gen:Variant.Rimecud.12
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.199017
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Trojan ( 0040f0501 )
Cybereason	malicious.74804a
Cyren	W32/Rimecud.Y.gen!Eldorado
Symantec	W32.Pilleuz!gen30
ESET-NOD32	a variant of Win32/Kryptik.AQZY
Zoner	Probably Heur.ExeHeaderH
APEX	Malicious
Avast	Win32:FoldRun-C [Trj]
Kaspersky	HEUR:Worm.Win32.Generic
BitDefender	Gen:Variant.Rimecud.12
NANO-Antivirus	Trojan.Win32.Autoruner.csytav
MicroWorld-eScan	Gen:Variant.Rimecud.12
Tencent	Trojan.Win32.Rimecud.aa
Ad-Aware	Gen:Variant.Rimecud.12
Sophos	ML/PE-A + Troj/HkMain-CT
Comodo	TrojWare.Win32.Rimecud.aymf@4m0ay1
BitDefenderTheta	Gen:NN.ZexaF.34266.im0@aSsA98ki
VIPRE	Trojan.Win32.Rimecud.m (v)
TrendMicro	WORM_RIMECUD.SMW
McAfee-GW-Edition	PWS-Zbot.gen.aqo
FireEye	Generic.mg.7975a0f74804ad0f
Emsisoft	Gen:Variant.Rimecud.12 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Injector.Gen
Avira	WORM/Rimecud.aymb
Antiy-AVL	Trojan/Generic.ASMalwS.7C6579
Microsoft	Trojan:Win32/Rimecud.A
Arcabit	Trojan.Rimecud.12
SUPERAntiSpyware	Trojan.Agent/Gen-Rimecud
GData	Gen:Variant.Rimecud.12
AhnLab-V3	Trojan/Win32.Inject.R43586
Acronis	suspicious
McAfee	PWS-Zbot.gen.aqo
MAX	malware (ai score=87)
VBA32	Malware-Cryptor.Bambarbiya
TrendMicro-HouseCall	WORM_RIMECUD.SMW
Rising	Worm.Rimecud!1.9924 (CLASSIC)
Yandex	Trojan.Kryptik!8iiiGAIhN98
Ikarus	Virus.Win32.Cryptor
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.EQMA!tr
AVG	Win32:FoldRun-C [Trj]
Paloalto	generic.ml

How to remove Rimecud.12?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Rimecud.12 removal instruction