The BRMAS.SYS rootkit is software that enables continued privileged access to a computer while actively hiding its presence.
Detecting and removing BRMAS.SYS can be very difficult.
You should use anti-rootkit software to fix the BRMAS.SYS problem.
Malware Analysis of BRMAS.SYS
Full path on a computer: %Program Files%\SekBrmas\bin\Brmas.sys
Detected by UnHackMe:
BRMAS.SYS
Default location: %Program Files%\SekBrmas\bin\Brmas.sys
Removal Results: Success
Number of reboots: 1
BRMAS.SYS is known as:
Rootkit.Celesign.A
BRMAS.SYS hash:
- MD5: cfb0db1a7d1602dc351815e2c5a7468f
The file is used to download and install other malware, Trojans, and viruses in response to commands received from the Command Center.
How to quickly detect BRMAS.SYS presence?
Registry:
- HKLM\System\CurrentControlSet\Services\Brmas\ImagePath: "\??\%Program Files%\SekBrmas\bin\Brmas.sys"
- HKLM\System\CurrentControlSet\Services\Brmas\DisplayName: "Brmas"
Folders:
- %Program Files%\SekBrmas
- %Program Files%\SekBrmas\bin
- %Program Files%\SekBrmas\bin\brmas
Files:
- %Program Files%\SekBrmas\bin\brmas\db0.brmas
- %Program Files%\SekBrmas\bin\Brmas.dll
- %Program Files%\SekBrmas\bin\Brmas.exe
- %Program Files%\SekBrmas\bin\Brmas.sys
- %Program Files%\SekBrmas\bin\BrowserMgr.dll
- %Program Files%\SekBrmas\bin\CheckList.dll
- %Program Files%\SekBrmas\bin\chrome.lnk
- %Program Files%\SekBrmas\bin\firefox.lnk
- %Program Files%\SekBrmas\bin\IEXPLORE.lnk
- %Program Files%\SekBrmas\bin\InstallHelper.dll
- %Program Files%\SekBrmas\bin\ProtConfig.dat
- %Program Files%\SekBrmas\bin\Setting.pfc
- %Program Files%\SekBrmas\bin\stat.dll
- %Program Files%\SekBrmas\bin\uninst.exe
- %Program Files%\SekBrmas\setting.ini