Remove Trojan:Win32/Bumat!rts (Virus Removal Guide)

Trojan:Win32/Bumat!rts is a generic detection used by Windows Defender, Microsoft Security Essentials, Avast Antivirus and other antivirus products for a file that appears to have trojan-like features or behavior.
Trojan:Win32/Bumat!rts contains malicious or potentially unwanted software which downloads and installs on the affected system. Commonly, this infection will install a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system.

What is the Trojan:Win32/Bumat!rts infection?

Trojan:Win32/Bumat!rts is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
Trojan:Win32/Bumat!rts is a is a broad classification used by Microsoft Security Essentials, Windows Defender and other antivirus engines a file that appears to have trojan-like features or behavior for software that exhibits suspicious behavior categorized as potentially malicious.
Trojan:Win32/Bumat!rts is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
The Behavior Monitoring feature observes the behavior of processes as they run programs. If it observes a process behaving in a potentially malicious way, it reports the program the process is running as potentially malicious.

Due to the generic nature of this detection, methods of installation may vary. The Trojan:Win32/Bumat!rts infections may often install themselves by copying their executable to the Windows or Windows system folders, and then modifying the registry to run this file at each system start. Trojan:Win32/Bumat!rtswill often modify the following subkey in order to accomplish this:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Trojan:Win32/Bumat!rts may contact a remote host at opencapture.co.kr using port 80. Commonly, malware may contact a remote host for the following purposes:

  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

Is Trojan:Win32/Bumat!rts a False Positive ?

Files reported as Trojan:Win32/Bumat!rts are not necessarily malicious. For example, users can be tricked into using non-malicious programs, such as Web browsers, to unknowingly perform malicious actions, such as downloading malware. Some otherwise harmless programs may have flaws that malware or attackers can exploit to perform malicious actions. Should you be uncertain as to whether a file has been reported correctly, we encourage you to submit the affected file to https://www.virustotal.com/en/ to be scanned with multiple antivirus engines.

How did Trojan:Win32/Bumat!rts infection got on my computer?

The Trojan:Win32/Bumat!rts virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission of knowledge.

Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Trojan:Win32/Bumat!rts virus.

The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

How to remove Trojan:Win32/Bumat!rts virus (Removal Guide)

This page is a comprehensive guide, which will remove the Trojan:Win32/Bumat!rts infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
STEP 1: Remove Trojan:Win32/Bumat!rts Master Boot Record infection with Kaspersky TDSSKiller
STEP 2: Run RKill to terminate Trojan:Win32/Bumat!rts malicious processes
STEP 3: Remove Trojan:Win32/Bumat!rts virus with Malwarebytes Anti-Malware Free
STEP 4: Remove Trojan:Win32/Bumat!rts malware with RogueKiller
STEP 5:  Remove Trojan:Win32/Bumat!rts infection with HitmanPro
STEP 6: Double check for any left over infections with Emsisoft Emergency Kit
STEP 7: Remove Trojan:Win32/Bumat!rts adware with AdwCleaner
STEP 8: Remove Trojan:Win32/Bumat!rts browser hijacker with Junkware Removal Tool

STEP 1:  Remove Trojan:Win32/Bumat!rts trojan with Kaspersky TDSSKiller

As part of its self defense mechanism, Trojan:Win32/Bumat!rts virus will install a ZeroAccess rootkit on the infected computer.In this first step, we will run a system scan with Kaspersky TDSSKiller to remove this rookit.

  1. Please download the latest official version of Kaspersky TDSSKiller.
    KASPERSKY TDSSKILLER DOWNLOAD LINK(This link will automatically download Kaspersky TDSSKiller on your computer.)
  2. Double-click on tdsskiller.exe to open this utility, then click on Change Parameters.
    Kaspersky TDSSKiller change settings
  3. In the new open window,we will need to enable Detect TDLFS file system, then click on OK.
    Kaspersky TDSSKiller Detect TDLFS file system
  4. Next,we will need to start a scan with Kaspersky, so you’ll need to press the Start Scan button.
    Kaspersky TDSSKiller start scan
  5. Kaspersky TDSSKiller will now scan your computer for Trojan Trojan:Win32/Bumat!rts infection.
    Kaspersky TDSSKiller scan
  6. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
    Kaspersky TDSSKiller results
  7. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.A reboot will be require to completely remove any infection from your system.

STEP 2: Run RKill to terminate Trojan:Win32/Bumat!rts malicious processes

RKill is a program that will attempt to terminate all malicious processes associated with Trojan:Win32/Bumat!rts infection, so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop Trojan:Win32/Bumat!rts running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

  1. While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that Proven Antivirus Protection won’t block this utility from running.
    RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe)
  2. Double click on iExplore.exe to start RKill and stop any processes associated with Trojan:Win32/Bumat!rts.
    [Image: RKILL Program]
  3. RKill will now start working in the background, please be patient while the program looks for Trojan:Win32/Bumat!rts malicious process and tries to end them.
    [Image: RKILL stoping malware]
  4. When the Rkill utility has completed its task, it will generate a log. Do not reboot your computer after running RKill as the malware programs will start again.
    [Image: RKill Report]

STEP 3: Remove Trojan:Win32/Bumat!rts virus with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware Free utilizes Malwarebytes powerful technology to detect and remove all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware and more.

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the Trojan:Win32/Bumat!rts malicious files.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Trojan:Win32/Bumat!rts virus as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Trojan:Win32/Bumat!rts
  5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes Anti-Malwar removing Trojan:Win32/Bumat!rts virus]
  7. Once your computer will restart in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 4: Remove Trojan:Win32/Bumat!rts infection with RogueKiller

RogueKiller is a utility that will scan for the Trojan:Win32/Bumat!rts registry keys and any other malicious files on your computer.

  1. You can download the latest official version of RogueKiller from the below link.
    ROGUEKILLER DOWNLOAD LINK (This link will open a new web page from where you can download RogueKiller on your computer)
  2. Double-click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds,  then click on the Scan button to perform a system scan.
    [Image: RogueKiller scaning for Trojan:Win32/Bumat!rts virus]
  3. After the scan has completed, press the Delete button to remove Trojan:Win32/Bumat!rts malicious registry keys or files.
    [Image: RogueKiller Detele button]

STEP 5: Remove Trojan:Win32/Bumat!rts infection with HitmanPro

HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    HitmanPro scanner
    Click on the Next button, to install HitmanPro on your computer.
    HitmanPro installation
  3. HitmanPro will now begin to scan your computer for Trojan:Win32/Bumat!rts malware.
    HitmanPro detecting for Trojan:Win32/Bumat!rts virus
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Trojan:Win32/Bumat!rts virus.
    HitmanPro scan results
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

STEP 6: Double check for any left over infections with Emsisoft Emergency Kit

The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malicious programs.

  1. You can download Emsisoft Emergency Kit from the below link,then extract it to a folder in a convenient location.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK ((This link will open a new web page from where you can download Emsisoft Emergency Kit)
  2. Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat, then allow this program to update itself.
    EmergencyKitScanner.bat file
  3. After the Emsisoft Emergency Kit has update has completed,click on the Menu tab,then select Scan PC.
    Emsisoft Emergency Kit scan tab
  4. Select Smart scan and click on the SCAN button to search for “Antivirus Security 2013” malicious files.
    Emsisoft Emergency Kit smart scan
  5. When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.
    Emsisoft Emergency Kit removing malware

STEP 7: Remove Trojan:Win32/Bumat!rts adware with AdwCleaner

The AdwCleaner utility will scan your computer for Trojan:Win32/Bumat!rts malicious files that may have been installed on your computer without your knowledge.

  1. You can download AdwCleaner utility from the below link.
    ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)
  2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    [Image: AdwCleaner Icon]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
  3. When the AdwCleaner program will open, click on the Scan button as shown below.
    [Image: Adwcleaner Scan]
    AdwCleaner will now start to search for Trojan:Win32/Bumat!rts malicious files that may be installed on your computer.
  4. To remove the Trojan:Win32/Bumat!rts malicious files that were detected in the previous step, please click on the Clean button.
    [Image: AdwCleaner removing infections]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.

STEP 8: Remove Trojan:Win32/Bumat!rts browser hijack with Junkware Removal Tool

Junkware Removal Tool is a powerful utility, which will remove Trojan:Win32/Bumat!rts virus from Internet Explorer, Firefox or Google Chrome.

  1. You can download the Junkware Removal Tool utility from the below link:
    JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download the Junkware Removal Tool utility on your computer)
  2. Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.
    [Image: Junkware Removal Tool]
    If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.
  3. Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the Trojan:Win32/Bumat!rts.
    [Image: Junkware Removal Tool scanning for Trojan:Win32/Bumat!rts virus]
    Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.
  4. When the scan Junkware Removal Tool will be completed, this utility will display a log with the malicious files and registry keys that were removed from your computer.
    [Image: Junkware Removal Tool final log]

Your computer should now be free of the Trojan:Win32/Bumat!rts infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove Trojan:Win32/Bumat!rts from your machine, please start a new thread in our Malware Removal Assistance forum.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.