About “TrojanDownloader.BAT.RemoteAdmin” infection

TrojanDownloader.BAT.RemoteAdmin is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader.BAT.RemoteAdmin virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs

How to identify TrojanDownloader.BAT.RemoteAdmin?


File Info:

crc32: BDAF60E7
md5: f173c344b00b26ac42756404dfd5b3b9
name: setupportforwardnetworkutilities.exe
sha1: 21c5ebc09e378b6d7eda6f4fde5685c3813875b5
sha256: fc3c7e07734e2ec24bcb7f0aed7bd64071c3f3cd556a2dc650b63178bb8710c6
sha512: be5cf00bba0857d77e4e577d9e01811f0b9b51710429be9c166d41f96626d294527568fdc294d3c3ad9f33ebf7e5d1b84a6b8cc7e55cca57f7132aacbe7fdd58
ssdeep: 49152:KcsQ6QVYXDixKe95XCMwWrOJ8+7dnzqMmwN0o:K1QTiXDc/95XCM8d4D2h
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: Portforward, LLC
Comments: This installation was built with Inno Setup.
ProductName: Port Forward Network Utilities
ProductVersion: 3.3.0.0
FileDescription: Port Forward Network Utilities Setup
OriginalFileName:
Translation: 0x0000 0x04b0

TrojanDownloader.BAT.RemoteAdmin also known as:

CAT-QuickHeal: Trojan.Riskware
Qihoo-360: Win32/Trojan.Downloader.a34
McAfee: Artemis!F173C344B00B
AegisLab: Trojan.BAT.RemoteAdmin.a!c
Sangfor: Malware
Cyren: W32/Trojan.NHGF-8206
Tencent: Bat.Trojan-downloader.Remoteadmin.Ebgd
DrWeb: BackDoor.RMS.163
McAfee-GW-Edition: Artemis
Sophos: Generic PUA CB (PUA)
Microsoft: PUA:Win32/Presenoker
VBA32: TrojanDownloader.BAT.RemoteAdmin
Cylance: Unsafe
MaxSecure: Trojan.Malware.74622655.susgen

How to remove TrojanDownloader.BAT.RemoteAdmin?

TrojanDownloader.BAT.RemoteAdmin removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.