What is “Trojan:Win32/Ruandmel.A!bit”?

Trojan:Win32/Ruandmel.A!bit is Microsoft's detection name for a trojan that a large number of antivirus engines flag as malicious (see the list of aliases below). When the infection is active you may notice unfamiliar processes in the Task Manager list; the analysed sample is named explorer_ga.exe, a name that resembles the legitimate explorer.exe. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It performs a complete scan and cleans your PC during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Ruandmel.A!bit do?

The following behaviours were recorded when the sample was run in a Cuckoo sandbox (each item is a triggered sandbox signature, not an observation from an infected end-user machine):

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Code injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task (sandbox evasion)
  • Queries information on disks, possibly for anti-virtualization
  • Executed a process and injected code into it, probably while unpacking
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

giallaz.ru

How to identify Trojan:Win32/Ruandmel.A!bit?

The hashes below identify the exact sample that was analysed. They match only that file; repacked or recompiled variants will carry different hashes, which is why antivirus vendors rely on generic and heuristic signatures (see the aliases below) rather than on hashes alone.
File Info:

crc32: E276E2ED
md5: 49b71eb3c4e9b9f5f4d58722e6bcdfa4
name: explorer_ga.exe
sha1: 519870c71a1ae3c12300284139d1e311e16ea416
sha256: 8179d0b5e1307621aa793c502a89ac3b7aba833f3b4fc815f99d0dbc85aa7c06
sha512: 8303a45003605f4c1dc7b7ca182f526eb0897c3e43d5118c448b94cc3f25e4e32b13b4722165e4c7cc72e14d0cdf9fd3612656919bc50febf4e0574454235acb
ssdeep: 1536:xJGjdJIlBFF1NH2r4VdWbJ49Hf31uIz22EEEEEEEE5:xJcUF1NHI4oJ49/FuIz22EEEEEEEE
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

[No Data] (the sample carries no version resource)

Trojan:Win32/Ruandmel.A!bit also known as:

  • Bkav: W32.TisroparLTAAH.Trojan
  • MicroWorld-eScan: Gen:Variant.Ulise.86244
  • FireEye: Generic.mg.49b71eb3c4e9b9f5
  • CAT-QuickHeal: Trojan.RuandmelPMF.S927835
  • McAfee: GenericRXBG-ZU!49B71EB3C4E9
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • AegisLab: Trojan.Win32.Generic.4!c
  • Sangfor: Malware
  • K7AntiVirus: Trojan ( 004d8e271 )
  • BitDefender: Gen:Variant.Ulise.86244
  • K7GW: Trojan ( 004d8e271 )
  • TrendMicro: TROJ_GAUDOX.SM
  • BitDefenderTheta: AI:Packer.662B3E881E
  • F-Prot: W32/Gaudox.B.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: Win32:TrojanX-gen [Trj]
  • GData: Gen:Variant.Ulise.86244
  • Kaspersky: Trojan-Ransom.Win32.Blocker.meia
  • Alibaba: Trojan:Win32/Ruandmel.327a4fbc
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • ViRobot: Trojan.Win32.U.Agent.64512.B
  • Rising: Trojan.Ruandmel!8.61CE (TFE:2:FT2F40T8eMR)
  • Endgame: malicious (high confidence)
  • Sophos: Mal/Generic-S
  • Comodo: TrojWare.Win32.Ruandmel.AG@6qbq5f
  • F-Secure: Trojan.TR/Crypt.XPACK.Gen
  • DrWeb: Trojan.Inject2.57861
  • Zillya: Trojan.Generic.Win32.522151
  • Invincea: heuristic
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.kh
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Variant.Ulise.86244 (B)
  • Cyren: W32/Gaudox.B.gen!Eldorado
  • Jiangmin: TrojanDropper.Injector.bkgu
  • eGambit: Unsafe.AI_Score_99%
  • Avira: TR/Crypt.XPACK.Gen
  • Antiy-AVL: Trojan/Win32.TSGeneric
  • Microsoft: Trojan:Win32/Ruandmel.A!bit
  • SUPERAntiSpyware: Trojan.Agent/Gen-Malagent
  • ZoneAlarm: Trojan-Ransom.Win32.Blocker.meia
  • AhnLab-V3: Trojan/Win32.Dynamer.C1318203
  • Acronis: suspicious
  • VBA32: Hoax.Blocker
  • ALYac: Gen:Variant.Ulise.86244
  • MAX: malware (ai score=100)
  • Ad-Aware: Gen:Variant.Ulise.86244
  • Malwarebytes: Trojan.Gaudox
  • Panda: Trj/CI.A
  • ESET-NOD32: Win32/Agent.XRR
  • TrendMicro-HouseCall: TROJ_GAUDOX.SM
  • Yandex: Trojan.Blocker!KJVutD4QUXc
  • SentinelOne: DFI – Malicious PE
  • MaxSecure: Trojan.Malware.7164915.susgen
  • Fortinet: W32/Agent.XRR!tr
  • Webroot: Trojan.Dropper.Gen
  • AVG: Win32:TrojanX-gen [Trj]
  • Paloalto: generic.ml
  • Qihoo-360: HEUR/QVM20.1.05B3.Malware.Gen

How to remove Trojan:Win32/Ruandmel.A!bit?

Trojan:Win32/Ruandmel.A!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer. Because the sample installs itself for autorun at Windows startup, a scan that does not finish with a restart may leave the autorun entry in place; check that the detection does not reappear after the reboot.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.