
How to remove “Win32/Rodecap.AX”?


Win32/Rodecap.AX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Rodecap.AX virus do?

  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • Executes the printer spooler process
  • Authenticode signature is invalid
  • Connects to/from or queries a remote desktop session
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Uses esentutl for copying files

How to identify Win32/Rodecap.AX?

File Info:

name: B0F89CC5B0A8EBCFADD2.mlw
path: /opt/CAPEv2/storage/binaries/b96ea7a7b3a28cb52b5fd8da1a6ca8c2c1d8d3fa73d03d1bcb0c1a38a6b4d896
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-10-01 19:56:03

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: Task Scheduler Setup
FileVersion: 5.1.2600.5512
InternalName: TaskScheduler
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks: © Microsoft Corporation. All rights reserved.
OriginalFilename: mstinit.exe
PrivateBuild: mstinit.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
SpecialBuild: 5.1.2600.5512
Translation: 0x0409 0x04b0

Win32/Rodecap.AX is also known as (vendor: detection name):

  • Bkav: W32.Common.741780F5
  • MicroWorld-eScan: Gen:Heur.Naffy.1
  • CAT-QuickHeal: Trojan.Mutopy.A
  • Skyhigh: BehavesLike.Win32.Generic.gh
  • McAfee: GenericRXGI-SK!B0F89CC5B0A8
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: Gen:Heur.Naffy.1
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 004c8b5c1 )
  • BitDefender: Gen:Heur.Naffy.1
  • K7GW: Trojan ( 004c8b5c1 )
  • BitDefenderTheta: Gen:NN.ZexaF.36792.Du0@aOR5Ppji
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Rodecap.AX
  • APEX: Malicious
  • ClamAV: Win.Trojan.Multi-6413508-0
  • Kaspersky: Trojan-Downloader.Win32.Dapato.mlv
  • Rising: Trojan.Mutopy!1.9D89 (CLASSIC)
  • Sophos: Troj/Dapato-A
  • F-Secure: Trojan.TR/Kazy.34213.jh
  • DrWeb: Trojan.DownLoader7.1885
  • Zillya: Downloader.Dapato.Win32.3879
  • FireEye: Generic.mg.b0f89cc5b0a8ebcf
  • Emsisoft: Gen:Heur.Naffy.1 (B)
  • Ikarus: Trojan.Win32.Jorik
  • Jiangmin: TrojanDownloader.Dapato.bed
  • Google: Detected
  • Avira: TR/Kazy.34213.jh
  • Varist: W32/Troj_Obfusc.AI.gen!Eldorado
  • Antiy-AVL: Trojan[Downloader]/Win32.Dapato
  • Kingsoft: malware.kb.a.963
  • Microsoft: Trojan:Win32/Mutopy.A
  • Xcitium: TrojWare.Win32.Agent.AWR@4ri3wg
  • Arcabit: Trojan.Naffy.1
  • ZoneAlarm: Trojan-Downloader.Win32.Dapato.mlv
  • GData: Gen:Heur.Naffy.1
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Downloader/Win32.Dapato.R38757
  • VBA32: TrojanDownloader.Dapato
  • ALYac: Gen:Heur.Naffy.1
  • MAX: malware (ai score=83)
  • DeepInstinct: MALICIOUS
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Tencent: Malware.Win32.Gencirc.10bf3107
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.4677336.susgen
  • Fortinet: W32/Rodecap.AW!tr
  • AVG: Win32:TrojanX-gen [Trj]
  • Avast: Win32:TrojanX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Rodecap.AX?

Win32/Rodecap.AX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
