How to remove "Babar.26130"?

The Babar.26130 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Babar.26130 virus can do?

Executable code extraction
At least one process apparently crashed during execution
Presents an Authenticode digital signature
Creates RWX memory
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
Queries information on disks, possibly for anti-virtualization
Detects the presence of Wine emulator via registry key
Checks the system manufacturer, likely for anti-virtualization
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

ec2-52-29-33-28.eu-central-1.compute.amazonaws.com

How to determine Babar.26130?


File Info:
crc32: 01CBBB52
md5: 3de557d195bd805492f24042aa545a32
name: 3DE557D195BD805492F24042AA545A32.mlw
sha1: 44bf8ff167affc6249c200955f82154246a11d36
sha256: 1a3cfed1066a7afc2fef5fdaf026c387aee5b473908eb250c802f707be717bc3
sha512: 8099e7f5172d771eeac7eaebf8f80e9e5407181ba88539caa156fb3b49664c3f7d365b176e48831f3b84fdcadf334704558f0b0c720fa57236ba99cfe8c98a8a
ssdeep: 12288:W0D4KU2l5lCU9SBBjmOOwKplrkzqaNZJtFtbz3mx7Xu0spPF:Rw2xCUqByNwCgZTXm7XulpPF
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2005-2017 Piriform Ltd
InternalName: ccleaner
FileVersion: 5, 32, 00, 6129
CompanyName: Piriform Ltd
Comments: CCleaner
ProductName: CCleaner
ProductVersion: 5, 32, 00, 6129
FileDescription: CCleaner
OriginalFilename: ccleaner.exe
Translation: 0x0409 0x04b0

Babar.26130 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0052106f1 )
Lionic	Adware.Win32.FileTour.2!c
Elastic	malicious (high confidence)
DrWeb	Trojan.InstallCube.2620
CAT-QuickHeal	SwBundler.ICLoader.YB5
ALYac	Gen:Variant.Babar.26130
Malwarebytes	Adware.FileTour
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
K7GW	Trojan ( 0052106f1 )
Cybereason	malicious.195bd8
Cyren	W32/S-81a5fa03!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GATN
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:AdWare.Win32.FileTour.hztq
BitDefender	Gen:Variant.Babar.26130
NANO-Antivirus	Trojan.Win32.Ekstak.ewfjdr
MicroWorld-eScan	Gen:Variant.Babar.26130
Tencent	Win32.Adware.Filetour.Lpbx
Ad-Aware	Gen:Variant.Babar.26130
Sophos	Generic PUA EE (PUA)
Comodo	TrojWare.Win32.Crypt.B@7o6bny
BitDefenderTheta	Gen:NN.ZexaF.34236.Bv1@aqkhn3mk
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Packed-OF!3DE557D195BD
FireEye	Generic.mg.3de557d195bd8054
Emsisoft	Application.InstallMon (A)
SentinelOne	Static AI – Malicious PE
Avira	ADWARE/ICLoader.Gen7
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.2376A9B
Microsoft	SoftwareBundler:Win32/ICLoader
GData	Gen:Variant.Babar.26130
AhnLab-V3	Adware/Win32.FileTour.R216468
Acronis	suspicious
McAfee	Packed-OF!3DE557D195BD
MAX	malware (ai score=96)
VBA32	Adware.FileTour
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.AF4A (CLASSIC)
Yandex	Trojan.GenAsa!f3FfjiRCjhQ
Ikarus	PUA.FileTour
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.GYQC!tr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml

How to remove Babar.26130?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Babar.26130”?