How to remove Bodontae Spyware from PC?

In this post, I describe the symptoms of a Bodontae spyware infection and how to remove the Bodontae spyware virus from your PC.

Describing Bodontae spyware

Bodontae TrojanSpy is not a standalone application but a component of a considerably larger and more complex piece of malware, a trojan-stealer. This kind of trojan targets your personal data and gathers virtually everything about you and your PC. Stealers ordinarily have keylogger functions [1], which let them record your keystrokes. In addition, the Bodontae virus can collect your cookie files, phone number and location; it can also steal all the passwords stored in your web browser's keychain.

Name: Bodontae
Infection Type: Spyware
Symptoms:
  • Executable code extraction;
  • Attempts to connect to a dead IP:Port (2 unique times);
  • Creates RWX memory;
  • Performs some HTTP requests;
  • The binary likely contains encrypted or compressed data;
  • Uses Windows utilities for basic functionality;
  • Installs itself for autorun at Windows startup;
  • Creates a hidden or system file;
  • Attempts to modify or disable Security Center warnings;
  • Anomalous binary characteristics;
  • Attempts to modify Explorer settings to prevent file extensions from being displayed;
  • Attempts to modify Explorer settings to prevent hidden files from being displayed;
  • Uses suspicious command line tools or Windows utilities;
Similar behavior: AgentKlog, Tiggre, Flunuceo

Most Bodontae spyware variants hunt for your banking data: credit card number, security code and expiration date. For instance, if you use online banking, the Bodontae stealer can compromise your login and password, giving the criminals access to your account. Various business data may also interest Bodontae distributors, and for a large company such an information leak may have catastrophic effects.

Statistics of spyware activity in 2020
TrojanSpy activity in 2020, compared to backdoor viruses activity

The main distribution methods of Bodontae spyware are the same as for other trojans. Nowadays, most such programs are spread through email attachments. These attachments (.docx, .pdf documents) contain infected macros, which Bodontae spyware uses to get into your computer. Sometimes these emails contain links to phishing copies of official sites such as Facebook, Twitter or LinkedIn.

Rating of different spyware activity

Most popular spyware in 2020 [2]

It is worth noting that there is a separate type of spyware for the Android operating system. Such applications have the same functions as the PC version, but mobile malware is distributed as a legitimate program for checking a spouse's or child's geographic location. Besides taking various personal information, it can also show you a completely wrong location for the phone you are trying to track. Such situations can cause arguments out of the blue.

How can I tell that my computer is infected with Bodontae spyware?

Bodontae spyware is extremely stealthy, because its effectiveness depends on how long it can run before being detected. Its developers therefore did everything they could to make its presence as unnoticeable as possible. Of course, you will notice when your social network profiles are hijacked and money starts flowing out of your bank account, but by then it is far too late.

Bodontae also known as

Bkav W32.AIDetect.malware1
K7AntiVirus Trojan ( 005642691 )
DrWeb Trojan.MulDrop8.30248
Cynet Malicious (score: 100)
ALYac Trojan.GenericKD.31087616
K7GW Trojan ( 005642691 )
Cybereason malicious.7b820f
ESET-NOD32 a variant of Win32/Autoit.DI
APEX Malicious
Avast FileRepMalware [PUP]
Kaspersky Trojan-Ransom.Win32.Blocker.lcin
BitDefender Trojan.GenericKD.31087616
NANO-Antivirus Trojan.Win32.Blocker.ffprsh
MicroWorld-eScan Trojan.GenericKD.31087616
Tencent Win32.Trojan.Blocker.Wtdx
Ad-Aware Trojan.GenericKD.31087616
Sophos Generic ML PUA (PUA)
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.tc
FireEye Generic.mg.6be151c7b820fc73
Emsisoft Trojan.GenericKD.31087616 (B)
eGambit Unsafe.AI_Score_84%
Microsoft TrojanSpy:AutoIt/Bodontae.A
Arcabit Trojan.Generic.D1DA5C00
AegisLab Trojan.Win32.Generic.4!e
GData Trojan.GenericKD.31087616
McAfee Artemis!6BE151C7B820
MAX malware (ai score=89)
Malwarebytes MachineLearning/Anomalous.100%
Ikarus Trojan-Spy.AutoIt.Bodontae
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Blocker.LCIN!tr
AVG FileRepMalware [PUP]
Paloalto generic.ml

Domains associated with Bodontae:

gendoubre.ddns.net
gendoubre.1s.fr
edgedl.me.gvt1.com

What are the symptoms of Bodontae trojan?

  • Executable code extraction;
  • Attempts to connect to a dead IP:Port (2 unique times);
  • Creates RWX memory;
  • Performs some HTTP requests;
  • The binary likely contains encrypted or compressed data;
  • Uses Windows utilities for basic functionality;
  • Installs itself for autorun at Windows startup;
  • Creates a hidden or system file;
  • Attempts to modify or disable Security Center warnings;
  • Anomalous binary characteristics;
  • Attempts to modify Explorer settings to prevent file extensions from being displayed;
  • Attempts to modify Explorer settings to prevent hidden files from being displayed;
  • Uses suspicious command line tools or Windows utilities;
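
Several of the symptoms listed above (autorun entries, the Explorer display settings, Security Center notification flags, hidden files at startup) can be inspected directly. The following read-only PowerShell check is an added example, not part of the original post or of any vendor tool; the registry paths are the standard Windows locations and are an assumption about where this sample writes, since the page does not name them.

```powershell
# Added example: read-only triage; nothing on the system is modified.
# Key paths are standard Windows locations, assumed (not confirmed by the
# page) to be where this sample makes the listed changes.
function Get-RegValues([string]$Path) {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $Path; Name = $name; Value = $key.GetValue($name) }
    }
}

# 1. "Installs itself for autorun at Windows startup"
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Heuristic (assumption): autoruns started from user-writable folders deserve a look.
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }
$autoruns = foreach ($entry in ($runKeys | ForEach-Object { Get-RegValues $_ })) {
    $cmd = [string]$entry.Value
    $hits = @($writable | Where-Object {
        $cmd.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 })
    $entry | Add-Member -NotePropertyName UserWritable -NotePropertyValue ($hits.Count -gt 0) -PassThru
}

# 2. Explorer settings that hide extensions / hidden files. HideFileExt=1 and
#    Hidden=2 are also the Windows defaults, so they only matter if you had
#    switched these options on and they were changed back.
$explorer = Get-RegValues 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' |
    Where-Object { $_.Name -in 'HideFileExt', 'Hidden', 'ShowSuperHidden' }

# 3. Security Center notification flags; a value of 1 suppresses the warning.
$secCenter = Get-RegValues 'HKLM:\SOFTWARE\Microsoft\Security Center' |
    Where-Object { $_.Name -like '*DisableNotify' -and $_.Value -eq 1 }

# 4. Hidden or system files in the per-user Startup folder (desktop.ini is normal).
$startup = [Environment]::GetFolderPath('Startup')
$hiddenFiles = Get-ChildItem -LiteralPath $startup -Force -File -Attributes Hidden, System `
    -ErrorAction SilentlyContinue | Where-Object { $_.Name -ne 'desktop.ini' }

[ordered]@{
    'Autorun entries'                  = $autoruns
    'Explorer display settings'        = $explorer
    'Suppressed Security Center flags' = $secCenter
    'Hidden files in Startup folder'   = $hiddenFiles | Select-Object FullName, Attributes
}.GetEnumerator() | ForEach-Object { "== $($_.Key) =="; ($_.Value | Format-List | Out-String).Trim() }
```

An empty section means nothing was found for that check; a `UserWritable` value of `True` marks an entry for manual review and is not proof of infection.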

To avoid infection with Bodontae spyware, do not open attachments in emails from unknown addresses. These days, during quarantine, email-distributed malware has become much more active. Users (especially those who started ordering everything from online marketplaces) pay no attention to strange email addresses and open whatever reaches their inbox. And the Bodontae stealer is right there in it.

How to remove Bodontae spyware?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You can try to do it by hand; however, like any other trojan, Bodontae TrojanSpy makes its changes extremely deep within the system. For this reason, it is very hard to spot all these changes, and even harder to clean them out. To deal with this dangerous malware completely, I suggest using GridinSoft Anti-Malware.

Scanning

To detect and delete all unwanted applications on your PC with GridinSoft Anti-Malware, it’s better to utilize Standard or Full scan. Quick Scan is not able to find all malicious programs, because it checks only the most popular registry entries and folders.

Scan types in Gridinsoft Anti-Malware

You can see the detected malicious items sorted by their possible hazard simultaneously with the scan process. But to perform any actions against malware, you need to wait until the scan is finished, or to stop the scan.

GridinSoft Anti-Malware during the scan

To set the action for each detected malicious or unwanted program, click the arrow in front of the name of detected malicious app. By default, all the viruses will be moved to quarantine.

List of detected malware after the scan

  1. What is Spyware: https://en.wikipedia.org/wiki/Spyware
  2. ESET quarterly report: ESET_Threat_Report_Q22020.pdf

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
