What is “Worm:Win32/Pushbot!C”?

Many security experts consider Worm:Win32/Pushbot!C dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Pushbot!C virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to stop active services
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

Related domains:

linux.totalunix.net

How to identify Worm:Win32/Pushbot!C?


File Info:

crc32: F6FF6FD9
md5: a35ed08f28519cde624aaaf0a02cf50e
name: A35ED08F28519CDE624AAAF0A02CF50E.mlw
sha1: 339d290e56f9007fc7d275d7aa73dc6d2ade5fa3
sha256: 5b69177e948f763b6973c579a0ff5556c4ef73fcd8138e94c94a8662e7b525a7
sha512: 457bdbd29c6fbf56f70d47fe8cef034e3d36bf778ae4495e2f96a51aa81dc715fc1d145b52e6f98a6c0454a95c709d2a5367f7facbaa6f4228a10f7d62f963de
ssdeep: 3072:Tu8cwuQ9QFo/ozm/SqbRJL1Mfpzu4P/4l5I:Tu8ZySa+L1+ai6e
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Worm:Win32/Pushbot!C also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.Elzob.515
FireEye: Generic.mg.a35ed08f28519cde
McAfee: W32/Hamweq.worm.bl
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Sysn.b!c
Sangfor: Malware
BitDefender: Gen:Variant.Zusy.Elzob.515
CrowdStrike: win/malicious_confidence_80% (D)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Zbot-LQQ [Trj]
Kaspersky: Trojan-Dropper.Win32.Sysn.ykm
NANO-Antivirus: Trojan.Win32.Sysn.clfmdt
Rising: Exploit.ShellCode!8.2A (CLOUD)
Ad-Aware: Gen:Variant.Zusy.Elzob.515
Emsisoft: Gen:Variant.Zusy.Elzob.515 (B)
Comodo: Suspicious@#31g1ia0mr4flc
F-Secure: Packed:W32/Inject.gen!A
Zillya: Trojan.Inject.Win32.16047
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Sophos: Mal/Generic-S
Ikarus: Trojan-Spy.Zbot
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Dropper]/Win32.Sysn
Kingsoft: Win32.Troj.Sysn.y.(kcloud)
Microsoft: Worm:Win32/Pushbot.gen!C
Arcabit: Trojan.Zusy.Elzob.515
ZoneAlarm: Trojan-Dropper.Win32.Sysn.ykm
GData: Gen:Variant.Zusy.Elzob.515
Cynet: Malicious (score: 100)
BitDefenderTheta: AI:Packer.AE445A4E1E
ALYac: Gen:Variant.Zusy.Elzob.515
MAX: malware (ai score=84)
VBA32: BScope.Trojan.871206
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Injector.APUS
Tencent: Win32.Trojan-dropper.Sysn.Lknm
Yandex: Trojan.GenAsa!6H2BrmuQMRQ
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/Hamweq.Q!worm
Webroot: W32.HackTool.CeeInject.A
AVG: Win32:Zbot-LQQ [Trj]
Cybereason: malicious.f28519
Paloalto: generic.ml
Qihoo-360: Generic/HEUR/Malware.QVM07.Gen

How to remove Worm:Win32/Pushbot!C?

Worm:Win32/Pushbot!C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
