Trojan

What is “Trojan.UserStartup.pmKfaau4j7jS”?

Malware Removal

The Trojan.UserStartup.pmKfaau4j7jS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.UserStartup.pmKfaau4j7jS virus can do?

  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys
  • Creates known Fynloski/DarkComet mutexes

Related domains:

triplekill.ddns.net

How to determine Trojan.UserStartup.pmKfaau4j7jS?



File Info:

crc32: 0FFF791A
md5: 532a6afb45c841f08a0ff9f104559334
name: 33.exe
sha1: 2fe9463e271b50907d72174992f4adf5c5c5eace
sha256: a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62
sha512: 313db495bc51449b94484e749a2bee932686fabdfcf2e1a6e2c8caa10fe034960408c2f6a9b90f31e3ae55a1881752fab4baf1bae1fc5d14cf073884c358e7a4
ssdeep: 6144:ecNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ:ecWkbgTYWnYnt/IDYhP
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

LegalCopyright: Copyright (C) 1999
InternalName: MSRSAAPP
FileVersion: 1, 0, 0, 1
CompanyName: Microsoft Corp.
Comments: Remote Service Application
ProductName: Remote Service Application
ProductVersion: 4, 0, 0, 0
FileDescription: Remote Service Application
OriginalFilename: MSRSAAP.EXE
Translation: 0x0409 0x04b0

Trojan.UserStartup.pmKfaau4j7jS also known as:

DrWebBackDoor.Tordev.9
MicroWorld-eScanGen:Trojan.UserStartup.pmKfaau4j7jS
FireEyeGeneric.mg.532a6afb45c841f0
CAT-QuickHealBackdoor.Fynloski.A9
McAfeeGeneric.gj
MalwarebytesBackdoor.Packed.DK
VIPREBackdoor.Win32.Fynloski.A (v)
SangforMalware
K7AntiVirusTrojan ( 004bc4d11 )
BitDefenderGen:Trojan.UserStartup.pmKfaau4j7jS
K7GWTrojan ( 004bc4d11 )
Cybereasonmalicious.b45c84
TrendMicroBKDR_FYNLOS.SMM
BitDefenderThetaAI:Packer.C91571D71C
F-ProtW32/Fynloski.BA
SymantecBackdoor.Breut!gm
TotalDefenseWin32/Fynloski.A!generic
APEXMalicious
ClamAVWin.Trojan.DarkKomet-1
GDataGen:Trojan.UserStartup.pmKfaau4j7jS
KasperskyBackdoor.Win32.DarkKomet.gwbu
NANO-AntivirusTrojan.Win32.Tordev.dgnepn
RisingBackdoor.Pontoeb!1.6637 (CLASSIC)
Ad-AwareGen:Trojan.UserStartup.pmKfaau4j7jS
EmsisoftBackdoor.DarkKomet (A)
ComodoTrojWare.Win32.Fynloski.B@57zt85
F-SecureBackdoor.BDS/Backdoor.Gen
BaiduWin32.Backdoor.Agent.l
ZillyaTrojan.Fynloski.Win32.742
Invinceaheuristic
McAfee-GW-EditionBehavesLike.Win32.Backdoor.dc
Trapminemalicious.high.ml.score
CMCBackdoor.Win32.DarkKomet!O
SophosTroj/Fynlosk-AK
IkarusBackdoor.Win32.DarkKomet
CyrenW32/Fynloski.FWDO-2352
JiangminTrojan/Genome.bomw
WebrootW32.Trojan.Gen
AviraBDS/Backdoor.Gen
MAXmalware (ai score=82)
Endgamemalicious (moderate confidence)
ArcabitTrojan.UserStartup.pmKfaau4j7jS
SUPERAntiSpywareTrojan.Agent/Gen-Delf
ZoneAlarmBackdoor.Win32.DarkKomet.gwbu
MicrosoftVirTool:Win32/CeeInject.AJJ!bit
AhnLab-V3Win-Trojan/FCN.140610
Acronissuspicious
VBA32Backdoor.Tordev
ALYacGen:Trojan.UserStartup.pmKfaau4j7jS
TACHYONBackdoor/W32.DP-DarkKomet.674816.B
CylanceUnsafe
PandaTrj/Genetic.gen
ZonerTrojan.Win32.29578
ESET-NOD32a variant of Win32/Fynloski.AN
TrendMicro-HouseCallBKDR_FYNLOS.SMM
TencentBackdoor.Win32.DarkKomet.zem
YandexTrojan.Comet.Gen.LO
SentinelOneDFI – Malicious PE
FortinetW32/Generic.AC.DB56!tr
AVGWin32:Evo-gen [Susp]
AvastWin32:Evo-gen [Susp]
CrowdStrikewin/malicious_confidence_100% (D)
Qihoo-360HEUR/QVM11.1.C8A2.Malware.Gen

How to remove Trojan.UserStartup.pmKfaau4j7jS?

Trojan.UserStartup.pmKfaau4j7jS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment