Babar.18299 (B) removal tips

Malware Removal

Babar.18299 (B) is flagged as malicious by many antivirus engines (see the detection names listed below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Babar.18299 (B) do?

The behaviours below are the sandbox signatures that this sample triggered during analysis:
  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz
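The two hostnames above are the network indicators this page gives for the sample. A practical way to use them is to match them against DNS query logs on label boundaries, so that an unrelated name that merely ends in the same characters does not produce a false hit. The following Python script is an added example for this page, not GridinSoft's code; the BIND-style log lines it parses are constructed sample data, and it assumes your resolver logs queries in that "client IP#port ... query: NAME IN TYPE" format.

```python
import re
from typing import Iterable, List, Tuple

# The two hostnames the page lists under "Related domains".
RELATED_DOMAINS = ("z.whorecord.xyz", "a.tomx.xyz")

# Constructed sample in BIND query-log format (not real traffic). The
# "notz.whorecord.xyz" line is a deliberate near-miss that must not match, and
# the last line checks that case and a trailing root dot are normalised away.
SAMPLE_LOG = """\
12-Mar-2024 10:15:02.123 client 10.0.0.5#53211 (z.whorecord.xyz): query: z.whorecord.xyz IN A + (10.0.0.2)
12-Mar-2024 10:15:03.456 client 10.0.0.7#41022 (www.example.com): query: www.example.com IN A + (10.0.0.2)
12-Mar-2024 10:15:04.789 client 10.0.0.9#53390 (cdn.a.tomx.xyz): query: cdn.a.tomx.xyz IN A + (10.0.0.2)
12-Mar-2024 10:15:05.000 client 10.0.0.11#55555 (notz.whorecord.xyz): query: notz.whorecord.xyz IN A + (10.0.0.2)
12-Mar-2024 10:15:06.000 client 10.0.0.5#53212 (Z.WHORECORD.XYZ.): query: Z.WHORECORD.XYZ. IN AAAA + (10.0.0.2)
"""

# Pull the client IP, queried name and record type out of a BIND "query:" line.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalise(host: str) -> str:
    """Lower-case and strip a trailing root dot so 'Z.WHORECORD.XYZ.' compares equal."""
    return host.strip().rstrip(".").lower()


def matches_indicator(host: str, indicators: Iterable[str] = RELATED_DOMAINS) -> bool:
    """True if host equals an indicator or is a subdomain of one.

    Matching is on label boundaries ('.' + indicator) so a name that merely ends
    in the same characters, e.g. notz.whorecord.xyz, is not a hit. The parent
    zones (whorecord.xyz, tomx.xyz) are not matched because the page lists only
    the two full hostnames as indicators.
    """
    h = normalise(host)
    return any(h == normalise(i) or h.endswith("." + normalise(i)) for i in indicators)


def find_hits(log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, qname, qtype) for every query to a related domain."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and matches_indicator(m.group("qname")):
            hits.append((m.group("ip"), normalise(m.group("qname")), m.group("qtype")))
    return hits


if __name__ == "__main__":
    for ip, qname, qtype in find_hits(SAMPLE_LOG.splitlines()):
        print(f"{ip} queried {qname} ({qtype})")
```

Run against the constructed log, the script reports two clients (10.0.0.5 twice and 10.0.0.9 once) and ignores both www.example.com and the notz.whorecord.xyz near-miss. Point `find_hits` at your own resolver log to find which internal hosts resolved these names.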

How to identify Babar.18299 (B)?


File Info:

crc32: 4A48BF2F
md5: 9d250d2760412af80ac3d9df59ce71e6
name: q0s3.exe
sha1: 1a0ede62670b424cd88b7c5f390c4ee553af123f
sha256: 945bb735ebe0a3b779047bf0e1b145ee7d8166eeb61dce058e8735dbb564b114
sha512: cbfc62b27aea6727a105fb20eca8ed02a439ee28a64adc8decfd8d03150f3df1e1b216272a59e66a4b04d2af8df9b986f97ec1aaf3852fcbe6f63722e3382542
ssdeep: 6144:Bph2KiYC3aZBTVItzt3QlpLV0IjLKdJr2qKiTst:BViYC3aZU53QuIjLKdwGg
type: PE32 executable (GUI) Intel 80386, for MS Windows
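The hashes and file type above are the host indicators for this sample. To check a suspect file against them, compute the same digest families and compare case-insensitively, since vendors publish hashes in mixed case (the crc32 above is upper-case, the rest lower-case). The Python script below is an added example written for this page, not GridinSoft's tool; `KNOWN_HASHES` is copied from the File Info section, and the minimal PE header it builds is constructed test data used only to exercise the type check.

```python
import hashlib
import zlib
from pathlib import Path
from typing import Dict, List, Optional, Union

# Indicators copied from the page's "File Info" section for this sample.
KNOWN_HASHES: Dict[str, str] = {
    "crc32": "4A48BF2F",
    "md5": "9d250d2760412af80ac3d9df59ce71e6",
    "sha1": "1a0ede62670b424cd88b7c5f390c4ee553af123f",
    "sha256": "945bb735ebe0a3b779047bf0e1b145ee7d8166eeb61dce058e8735dbb564b114",
    "sha512": "cbfc62b27aea6727a105fb20eca8ed02a439ee28a64adc8decfd8d03150f3df1"
              "e1b216272a59e66a4b04d2af8df9b986f97ec1aaf3852fcbe6f63722e3382542",
}
DIGEST_FAMILIES = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests in the same families the page lists."""
    digests = {name: hashlib.new(name, data).hexdigest() for name in DIGEST_FAMILIES}
    # zlib.crc32 is unsigned on Python 3; mask anyway and format as 8 hex digits.
    digests["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return digests


def hash_file(path: Union[str, Path], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as hash_bytes but streamed, so large samples are not read into memory."""
    hashers = {name: hashlib.new(name) for name in DIGEST_FAMILIES}
    crc = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
            crc = zlib.crc32(chunk, crc)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return digests


def match_iocs(digests: Dict[str, str], known: Dict[str, str] = KNOWN_HASHES) -> List[str]:
    """Names of the hash families whose digest equals the published indicator."""
    return sorted(
        name for name, value in digests.items()
        if name in known and value.lower() == known[name].lower()
    )


def pe_format(data: bytes) -> Optional[str]:
    """Classify the header the way the page's 'type:' line does: 'PE32' (32-bit,
    as this sample), 'PE32+' (64-bit) or None if it is not a PE file at all."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    magic_off = e_lfanew + 4 + 20  # PE signature (4 bytes) + COFF file header (20 bytes)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < magic_off + 2:
        return None
    magic = int.from_bytes(data[magic_off:magic_off + 2], "little")
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def _build_header(magic: int) -> bytes:
    """Constructed minimal MZ/PE header (not a real binary) for exercising pe_format."""
    hdr = bytearray(0x5A)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> PE signature at 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    hdr[0x58:0x5A] = magic.to_bytes(2, "little")     # optional header magic
    return bytes(hdr)


SAMPLE_PE32_HEADER = _build_header(0x10B)
SAMPLE_PE32PLUS_HEADER = _build_header(0x20B)


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        data = Path(arg).read_bytes()
        hits = match_iocs(hash_file(arg))
        print(f"{arg}: type={pe_format(data)} matched={hits or 'none'}")
```

Usage: `python check_sample.py q0s3.exe` prints the detected PE format and which hash families match the page's indicators. A match on any one cryptographic digest (md5, sha1, sha256, sha512) identifies the exact file; crc32 alone is not evidence, since collisions are trivial, so treat it as a consistency check on the other values rather than an indicator in its own right.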

Version Info:

0: [No Data]

Babar.18299 (B) also known as:

MicroWorld-eScan: Gen:Variant.Babar.18299
FireEye: Generic.mg.9d250d2760412af8
BitDefender: Gen:Variant.Babar.18299
BitDefenderTheta: Gen:NN.ZexaCO.33556.tqX@aiYiOCgi
APEX: Malicious
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Babar.18299 (B)
Webroot: W32.Trojan.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
MAX: malware (ai score=85)
Ad-Aware: Gen:Variant.Babar.18299
Cylance: Unsafe
Fortinet: W32/GenKryptik.DYLZ!tr

How to remove Babar.18299 (B)?

Babar.18299 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.