Win32:Rodecap-F [Trj] removal guide

Win32:Rodecap-F [Trj] is the Avast/AVG detection name for a trojan that a large number of security vendors flag as malicious (see the list of aliases below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Rodecap-F [Trj] virus do?

  • Possible expiration-date check: the process exits shortly after reading the local time
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs HTTP requests
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a slightly modified copy of itself (so file hashes differ between copies)
  • Anomalous binary characteristics

How to identify Win32:Rodecap-F [Trj]?

File Info:

crc32: 6C51C895
md5: 43e898371b32a374e4322b4d4a1de1ca
name: 43E898371B32A374E4322B4D4A1DE1CA.mlw
sha1: 4b09428d7f4e8556ea8066518bab80f284704a03
sha256: d66887240bf15cf8c072d8bcb3b1debf23568899c0ae13d2521c2edb363e1328
sha512: 7fb467571fefa050d53e3a0f9f027dcaa5a4a992ce116ae34706b8317d77308e1e28d46c96044a4b157125ac8940a1f2b78f9309eea7fb47d664a7c553d35f6e
ssdeep: 6144:TO/DVuhywMptQmZp2DyPCA02HsQ2KZj93cDDj7LAf+:a/DohTMSePCA04+KZhw/a+
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: mstsc.exe
FileVersion: 6.1.7600.16385
CompanyName: Microsoft Corporation
PrivateBuild: mstsc.exe.mui
LegalTrademarks: © Microsoft Corporation. All rights reserved.
Comments:
ProductName: Microsoft® Windows® Operating System
SpecialBuild: 6.1.7600.16385
ProductVersion: 6.1.7600.16385
FileDescription: Remote Desktop Connection
OriginalFilename: mstsc.exe.mui
Translation: 0x0409 0x04b0
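The hashes and version strings above are what you would check on a suspect host, and the version info is itself a clue: the file claims to be Microsoft's Remote Desktop Connection client (mstsc.exe), which on a genuine system is an Authenticode-signed binary in System32. The script below is an added example, not part of the original page and not GridinSoft's tooling. The function names Test-RodecapSample and Get-PersistenceIndicators are my own, it assumes an elevated PowerShell session on the Windows host, and the hash values are copied from the File Info table. Note the caveat the behaviour list already implies: because the malware writes slightly modified copies of itself, a hash match only catches this exact sample, so the signature and location checks are the ones that generalize. The persistence function covers two of the listed behaviours, autorun installation and proxy modification.

```powershell
# Added triage example; hypothetical function names, assumes an elevated
# PowerShell session on the suspect Windows host.

# Known hashes of the sample, copied from the File Info table on this page.
$Ioc = @{
    MD5    = '43e898371b32a374e4322b4d4a1de1ca'
    SHA1   = '4b09428d7f4e8556ea8066518bab80f284704a03'
    SHA256 = 'd66887240bf15cf8c072d8bcb3b1debf23568899c0ae13d2521c2edb363e1328'
}

function Test-RodecapSample {
    param([Parameter(Mandatory)][string]$Path)

    $findings = @()

    # 1. Exact match against the published hashes (catches this sample only).
    foreach ($alg in $Ioc.Keys) {
        $h = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        if ($h -eq $Ioc[$alg]) { $findings += "$alg matches the known Win32:Rodecap-F sample" }
    }

    # 2. Version-info impersonation: the sample claims CompanyName 'Microsoft Corporation'.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $claimsMicrosoft = $vi.CompanyName -like '*Microsoft*'

    # 3. A genuine Microsoft binary carries a valid Authenticode signature;
    #    Microsoft version strings on an unsigned file are the tell.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($claimsMicrosoft -and $sig.Status -ne 'Valid') {
        $findings += "Version info claims '$($vi.CompanyName)' but signature status is $($sig.Status)"
    }

    # 4. The real Remote Desktop client lives in System32; a copy anywhere else is suspect.
    $real = Join-Path $env:SystemRoot 'System32\mstsc.exe'
    if ($vi.InternalName -eq 'mstsc.exe' -and
        (Resolve-Path -LiteralPath $Path).Path -ne $real) {
        $findings += "InternalName is mstsc.exe but the file is not $real"
    }

    [pscustomobject]@{ Path = $Path; Suspicious = ($findings.Count -gt 0); Findings = $findings }
}

function Get-PersistenceIndicators {
    # Behaviour "Installs itself for autorun at Windows startup": list the Run/RunOnce
    # entries and the signature status of each referenced executable.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            # Best-effort extraction of the executable path from a quoted or unquoted command line.
            $exe = ([string]$p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            $status = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'Missing' }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value; Signature = $status }
        }
    }

    # Behaviour "Attempts to modify proxy settings": a proxy you did not configure is a red flag.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{ Key = 'Internet Settings'; Name = 'ProxyEnable'; Value = $inet.ProxyEnable; Signature = '' }
    [pscustomobject]@{ Key = 'Internet Settings'; Name = 'ProxyServer'; Value = $inet.ProxyServer; Signature = '' }
}

# Usage (paths are placeholders):
# Test-RodecapSample -Path 'C:\Users\Public\mstsc.exe'
# Get-PersistenceIndicators | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

The executable-path extraction in Get-PersistenceIndicators is a heuristic: an unquoted path containing spaces will come back as "Missing", which is still worth a look, since a Run entry that does not resolve to a signed file deserves manual inspection either way.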

Win32:Rodecap-F [Trj] also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Malware.wu0@a4t!seei
CAT-QuickHeal: Trojan.Small.gen
Qihoo-360: Win32/Trojan.e6d
McAfee: Downloader-FKE!43E898371B32
Cylance: Unsafe
VIPRE: Trojan.Win32.Small.bhm (v)
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Blocker.2a62db3a
K7GW: Trojan ( 003e826e1 )
K7AntiVirus: Trojan ( 003e826e1 )
Cyren: W32/SmallDl.F.gen!Eldorado
Symantec: Downloader
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1268863
BitDefender: Gen:Trojan.Malware.wu0@a4t!seei
NANO-Antivirus: Trojan.Win32.Blocker.chwsks
Ad-Aware: Gen:Trojan.Malware.wu0@a4t!seei
Emsisoft: Gen:Trojan.Malware.wu0@a4t!seei (B)
Comodo: TrojWare.Win32.Agent.AWR@4ri3wg
F-Secure: Trojan.TR/Small.bhoumb
BitDefenderTheta: Gen:NN.ZexaF.34590.wu0@a4t!seei
Zillya: Trojan.Rodecap.Win32.1732
TrendMicro: TROJ_RODECAP.SMO
FireEye: Generic.mg.43e898371b32a374
Sophos: Mal/Generic-R + Mal/Qbot-P
SentinelOne: Static AI - Suspicious PE
Jiangmin: Trojan.Blocker.pbu
Webroot: W32.Malware.Gen
Avira: TR/Small.bhoumb
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Blocker.R52075
Acronis: suspicious
ALYac: Gen:Trojan.Malware.wu0@a4t!seei
MAX: malware (ai score=100)
VBA32: Hoax.Blocker
Malwarebytes: Trojan.Rodecap
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_RODECAP.SMO
Tencent: Malware.Win32.Gencirc.10b1507c
Yandex: Trojan.GenAsa!6KhuQuHc76g
TACHYON: Trojan/W32.Blocker.375808
eGambit: Unsafe.AI_Score_97%
Fortinet: W32/Rodecap.BB!tr
AVG: Win32:Rodecap-F [Trj]
Cybereason: malicious.71b32a
Avast: Win32:Rodecap-F [Trj]

How to remove Win32:Rodecap-F [Trj]?

Win32:Rodecap-F [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
