
Trojan-Spy.Win32.Recam.afrm information


Trojan-Spy.Win32.Recam.afrm is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Recam.afrm virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan-Spy.Win32.Recam.afrm?


File Info:

crc32: 619736AD
md5: cced3eef95ddb0061359f4e7d8cc86ad
name: CCED3EEF95DDB0061359F4E7D8CC86AD.mlw
sha1: 79726ffe3e6674e58e0fdb3b5d5d30cd1ed4f50c
sha256: 214f41703595c5130b6f6919bc30ca9971d4c8d29de5fc045e14691761a4e582
sha512: f2612137dce4de33ffd5312f169b5a9e8e45d4db605f7cf180d12fdb89d18499dba93e2f67bb592ac855d961a3f64e367ff35e5480a7134234a3024507b2ee3a
ssdeep: 6144:7hnMIa7EZnc7C9zztle9spThUayJPD6a:UPx
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: TableTextService.dll
FileVersion: 6.01.7600
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.01.7600
FileDescription: Microsoft Table Driven Text Input Processor
OriginalFilename: TableTextService.dll.mui

Trojan-Spy.Win32.Recam.afrm is also known as:

K7AntiVirus: Spyware ( 004b89b01 )
Lionic: Trojan.Win32.Recam.l!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.Wirenet.187
Cynet: Malicious (score: 100)
ALYac: Gen:Heur.PonyStealer.sm0@c8yHbEei
Cylance: Unsafe
Zillya: Trojan.Weecnaw.Win32.412
Sangfor: Backdoor.Win32.NetWiredRC.8
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanSpy:Win32/Recam.7d75f5b5
K7GW: Spyware ( 004b89b01 )
Cybereason: malicious.f95ddb
Cyren: W32/Zbot.YX.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/Spy.Weecnaw.A
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Ponystealer-7605913-0
Kaspersky: Trojan-Spy.Win32.Recam.afrm
BitDefender: Gen:Heur.PonyStealer.sm0@c8yHbEei
NANO-Antivirus: Trojan.Win32.Recam.erprtl
MicroWorld-eScan: Gen:Heur.PonyStealer.sm0@c8yHbEei
Tencent: Malware.Win32.Gencirc.11497bc7
Ad-Aware: Gen:Heur.PonyStealer.sm0@c8yHbEei
Sophos: Mal/Generic-S
Comodo: Malware@#2muop35hisslh
BitDefenderTheta: Gen:NN.ZevbaF.34294.sm0@a8yHbEei
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPLOKI.SMDS
McAfee-GW-Edition: BehavesLike.Win32.Fareit.dz
FireEye: Generic.mg.cced3eef95ddb006
Emsisoft: Gen:Heur.PonyStealer.sm0@c8yHbEei (B)
Avira: TR/AD.NetWiredRc.zzzkw
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.216E757
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: VirTool:Win32/VBInject.AGV!bit
GData: Gen:Heur.PonyStealer.sm0@c8yHbEei
AhnLab-V3: Trojan/Win32.NetWiredRC.C2250652
McAfee: Artemis!CCED3EEF95DD
MAX: malware (ai score=100)
VBA32: TrojanSpy.Recam
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TSPY_HPLOKI.SMDS
Yandex: TrojanSpy.Recam!aKwQBqPvyX8
Ikarus: Trojan.VB.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GuLoader.VHJC!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan-Spy.Win32.Recam.afrm?

Trojan-Spy.Win32.Recam.afrm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
