Should I remove “VHO:Backdoor.Win32.TeviRat”?

VHO:Backdoor.Win32.TeviRat is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the VHO:Backdoor.Win32.TeviRat virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify VHO:Backdoor.Win32.TeviRat?

File Info:

name: 46EC2F32EB200A8820DD.mlw
path: /opt/CAPEv2/storage/binaries/f4b278d399c1bdd505b2e993905d67ad2fa03fcda2d656c934e6b0b91452d071
crc32: 56FB35F7
md5: 46ec2f32eb200a8820dd94ca51dd8a43
sha1: 3151e88f68256d4f9a7f1c13fb6c551930b0da5a
sha256: f4b278d399c1bdd505b2e993905d67ad2fa03fcda2d656c934e6b0b91452d071
sha512: 2b0b48b7a88017a7392ac1d2e93d9f42c692cf82ce25e14bcd7afbf800338232c775a86367e95651c0af01e9c448d4495f8be7d7bb72195a7f93e5b20ac8d93b
ssdeep: 24576:hI39dzcSjZXU5Zcj6jEwdVAFDx6uFiaSb0ynXCvliM5XoychgebVKoyInpD:h6dVjRU5ZNVa6PcyXCvoM5YyCVbvfnpD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12F753383D181EAB9F3B2DC306E2A8B09073FBF136138909CBF5D698D5F5E9946499314
sha3_384: dc82f059fb7d7fb34b4f173fe91b537cdd4611fb2e5ba364fb3c2763f9500a6a5eb34e216ee297e26be17d56fa0d250c
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 2023-09-10 23:04:34

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: PT Previewer Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

VHO:Backdoor.Win32.TeviRat also known as:

  • Bkav: W32.AIDetectMalware
  • Malwarebytes: Trojan.Dropper.Generic
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • APEX: Malicious
  • Kaspersky: VHO:Backdoor.Win32.TeviRat.gen
  • ZoneAlarm: VHO:Backdoor.Win32.TeviRat.gen
  • Microsoft: Trojan:Win32/Sabsik.TE.A!ml
  • Fortinet: W32/Agent.SLC!tr

How to remove VHO:Backdoor.Win32.TeviRat?

VHO:Backdoor.Win32.TeviRat removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.