NETAPI32.EXE is Backdoor NetDevil.610816.B

August 11, 2012 by NightWatcher
Filed under: Backdoor: Solved!

Fix it immediately:

Is the file NETAPI32.EXE located on your computer? Then your computer is infected.
We suggest that you remove NETAPI32.EXE from your computer as soon as possible.
NETAPI32.EXE is a Trojan/Backdoor.
Kill the NETAPI32.EXE process and remove NETAPI32.EXE from the Windows startup.

Malware Analysis of NETAPI32.EXE
Full path on a computer: %SysDir%\NETAPI32.EXE

Detected by UnHackMe:

NETAPI32.EXE
Default location: %SysDir%\NETAPI32.EXE

Removal Results: Success
Number of reboots: 1

NETAPI32.EXE is known as:

Backdoor.NetDevil.610816.B, BackDoor-RP.svr, Backdoor.RP, Backdoor, Backdoor.NetDevil.gj24c8xqxng, Win32.Pleaz.10.Server, Backdoor.Trojan, BKDR_NETDEV.13, NetDevil.13.b, Trojan.Zleap, Backdoor.NetDevil.13.b, Backdoor.NetDevil, Backdoor.Pleaz.10.Server, BackDoor.NetDevil.13, BDS.Netdevil.14.Srv, Mal.Behav-141, Win32.NetDevil.13, Backdoor.Pleaz, Win-Trojan.Netdevil.610816, W32.BDoor.B.tr.bdr

NETAPI32.EXE hash:

  • MD5: 0e50ffcb4e8c380a68cacd44075d1834

How to quickly detect NETAPI32.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NETAPI32: “%SysDir%\NETAPI32.EXE”
Files:
  • %SysDir%\NETAPI32.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
