Channel: How to Remove Malware

BRMAS.SYS is Rootkit Celesign.A


BRMAS.SYS is a rootkit: software that enables continued privileged access to a computer while actively hiding its presence.
Detecting and removing BRMAS.SYS can be very difficult.
You should use anti-rootkit software to fix the BRMAS.SYS problem.

Malware Analysis of BRMAS.SYS
Full path on a computer: %Program Files%\SekBrmas\bin\Brmas.sys

Detected by UnHackMe:

BRMAS.SYS
Default location: %Program Files%\SekBrmas\bin\Brmas.sys

Removal Results: Success
Number of reboots: 1

BRMAS.SYS is known as:

Rootkit.Celesign.A

BRMAS.SYS hash:

  • MD5: cfb0db1a7d1602dc351815e2c5a7468f

The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.

How to quickly detect the presence of BRMAS.SYS?

Registry:
  • HKLM\System\CurrentControlSet\Services\Brmas\ImagePath: “\??\%Program Files%\SekBrmas\bin\Brmas.sys”
  • HKLM\System\CurrentControlSet\Services\Brmas\DisplayName: “Brmas”
Folders:
  • %Program Files%\SekBrmas
  • %Program Files%\SekBrmas\bin
  • %Program Files%\SekBrmas\bin\brmas
Files:
  • %Program Files%\SekBrmas\bin\brmas\db0.brmas
  • %Program Files%\SekBrmas\bin\Brmas.dll
  • %Program Files%\SekBrmas\bin\Brmas.exe
  • %Program Files%\SekBrmas\bin\Brmas.sys
  • %Program Files%\SekBrmas\bin\BrowserMgr.dll
  • %Program Files%\SekBrmas\bin\CheckList.dll
  • %Program Files%\SekBrmas\bin\chrome.lnk
  • %Program Files%\SekBrmas\bin\firefox.lnk
  • %Program Files%\SekBrmas\bin\IEXPLORE.lnk
  • %Program Files%\SekBrmas\bin\InstallHelper.dll
  • %Program Files%\SekBrmas\bin\ProtConfig.dat
  • %Program Files%\SekBrmas\bin\Setting.pfc
  • %Program Files%\SekBrmas\bin\stat.dll
  • %Program Files%\SekBrmas\bin\uninst.exe
  • %Program Files%\SekBrmas\setting.ini

