Trojan.TaskDisabler.omuaaS63Nlbe removal instructions

Trojan.TaskDisabler.omuaaS63Nlbe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.TaskDisabler.omuaaS63Nlbe virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to identify installed AV products by registry key
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys
  • Creates known Fynloski/DarkComet mutexes

How to identify Trojan.TaskDisabler.omuaaS63Nlbe?

File Info:

crc32: 18D1D7E9
md5: 2c92fa8e43a76c9e0ce8f0bfaabf1c33
name: defense2.exe
sha1: a094988f5ef3e42f032de97d1770e314ed672502
sha256: 08aacd7ef1a400cc83e1a3f70c77057d993887b856e65499736bc4959282b79f
sha512: 10fbb628fa0ab0bee1e4864b10410ad7b21be6091634e3a93041c912ce14dd96056bfcfcd0cc7e8a44bdbc8f7e72729b9316615bd1e1d8e1cf76827abdddabc0
ssdeep: 6144:pYLVBjW718MqFzc1jKr9texFv3l/TusFEBOnIS:iP671TozcdyevNT/eOI
type: MS-DOS executable, MZ for MS-DOS

Version Info:

LegalCopyright: Copyright (C) 1999
InternalName: MSRSAAPP
FileVersion: 1, 0, 0, 1
CompanyName: Microsoft Corp.
Comments: Remote Service Application
ProductName: Remote Service Application
ProductVersion: 4, 0, 0, 0
FileDescription: Remote Service Application
OriginalFilename: MSRSAAP.EXE
Translation: 0x0409 0x04b0

Trojan.TaskDisabler.omuaaS63Nlbe is also known as:

Bkav: W32.AIDetectVM.malware1
DrWeb: BackDoor.Tordev.8
MicroWorld-eScan: Gen:Trojan.TaskDisabler.omuaaS63Nlbe
FireEye: Generic.mg.2c92fa8e43a76c9e
Qihoo-360: Win32/Backdoor.DarkKomet.B
McAfee: Generic BackDoor.yl
Cylance: Unsafe
Zillya: Backdoor.DarkKomet.Win32.34787
Sangfor: Malware
K7AntiVirus: Trojan ( 005376ae1 )
BitDefender: Gen:Trojan.TaskDisabler.omuaaS63Nlbe
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.e43a76
Invincea: heuristic
BitDefenderTheta: AI:Packer.E9082A181C
F-Prot: W32/S-777a0fdc!Eldorado
Symantec: Backdoor.Breut!gm
APEX: Malicious
Avast: Win32:GenMalicious-ICH [Trj]
ClamAV: Win.Trojan.DarkKomet-1
GData: Gen:Trojan.TaskDisabler.omuaaS63Nlbe
Kaspersky: Backdoor.Win32.DarkKomet.gwbu
Alibaba: Backdoor:Win32/Fynloski.7b343c9c
AegisLab: Trojan.Win32.DarkKomet.lnxL
Tencent: Backdoor.Win32.DarkKomet.zem
Endgame: malicious (high confidence)
Sophos: Mal/Behav-010
Comodo: TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
F-Secure: Backdoor.BDS/Backdoor.Gen
Baidu: Win32.Backdoor.Agent.l
TrendMicro: BKDR_FYNLOS.SMM
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.TaskDisabler.omuaaS63Nlbe (B)
Ikarus: Backdoor.Win32.Fynloski
Cyren: W32/S-777a0fdc!Eldorado
Jiangmin: Trojan/Generic.afkli
Webroot: W32.Rogue.Gen
Avira: BDS/Backdoor.Gen
MAX: malware (ai score=86)
Antiy-AVL: Trojan[Backdoor]/Win32.DarkKomet
Arcabit: Trojan.TaskDisabler.omuaaS63Nlbe
SUPERAntiSpyware: Trojan.Agent/Gen-DarkKomet
ZoneAlarm: Backdoor.Win32.DarkKomet.gwbu
Microsoft: Backdoor:Win32/Fynloski
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/FCN.140610.X1341
Acronis: suspicious
VBA32: Backdoor.Tordev
ALYac: Gen:Trojan.TaskDisabler.omuaaS63Nlbe
TACHYON: Backdoor/W32.DarkKomet.240640
Ad-Aware: Gen:Trojan.TaskDisabler.omuaaS63Nlbe
Malwarebytes: Backdoor.DarkComet
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.88734
ESET-NOD32: Win32/Fynloski.AS
TrendMicro-HouseCall: BKDR_FYNLOS.SMM
Rising: Backdoor.Pontoeb!1.6637 (CLOUD)
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic.AC.1644!tr
AVG: Win32:GenMalicious-ICH [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Backdoor.W32.DarkKomet.aagr

How to remove Trojan.TaskDisabler.omuaaS63Nlbe?

Trojan.TaskDisabler.omuaaS63Nlbe removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
