How to remove “Backdoor:Win32/Berbew!pz”?

The Backdoor:Win32/Berbew!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:Win32/Berbew!pz virus can do?

Creates an indicator observed in Territorial Disputes report SIG40
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Backdoor:Win32/Berbew!pz?


File Info:
name: 0FFA7139FFBAA9A7024B.mlw
path: /opt/CAPEv2/storage/binaries/4995bcee2cd631293067002da17471e7270fd3d06e6ba24449d0aa75e2107fe9
crc32: 46C61C56
md5: 0ffa7139ffbaa9a7024b4728842a5bbf
sha1: 7a1bb344d6c0b17a3296c7b885e5f2a025648a7f
sha256: 4995bcee2cd631293067002da17471e7270fd3d06e6ba24449d0aa75e2107fe9
sha512: 6e70d98a16f9a0b4b758150a5237d12e49d740d3c09436382fc0f9f5da25c623bed72b34ba6a5bc038b09a724662e347053fed5852bedb0523a04b6e4eb9079f
ssdeep: 768:aqM+1j5qwamnVllKybkuLBnSKkqP8N0tGiYWN0AZ/1H5Fb5nf1fZMEBFELvkVgFa:KeHYybbLBnSwPw0tcWlJNCyVso
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C436C5B9556FE0AFDA3C1F2544F46A3F83C877A93469B8E9C30E80E01447BA56B904F
sha3_384: f953082c4ae40134b9d661041cdfa0f16ed354b3cc682a78016f9f8af66984267f726f77d5a91c24f47bf3a6e6a7cbac
ep_bytes: 90906090909090b80010400090bbf87e
timestamp: 2023-07-29 18:29:59

Version Info:
0: [No Data]

Backdoor:Win32/Berbew!pz also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Backdoor.Hangup.B
Skyhigh	BehavesLike.Win32.Generic.qh
ALYac	Backdoor.Hangup.B
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005780dd1 )
K7GW	Trojan ( 005780dd1 )
Cybereason	malicious.4d6c0b
Arcabit	Backdoor.Hangup.B
BitDefenderTheta	AI:Packer.6CDB3E0D1E
VirIT	Worm.Win32.Berbew.G
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Spy.Qukart
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Crypted-32
Kaspersky	Trojan-Spy.Win32.Qukart.af
BitDefender	Backdoor.Hangup.B
NANO-Antivirus	Trojan.Win32.Qukart.jwlzsj
Avast	Win32:TrojanX-gen [Trj]
Tencent	Trojan-Ransom.Win32.Pornoasset.a
TACHYON	Backdoor/W32.Padodor
Emsisoft	Backdoor.Hangup.B (B)
Baidu	Win32.Trojan-Spy.Quart.a
F-Secure	Trojan.TR/Spy.Qukart.NB
DrWeb	BackDoor.HangUp.43832
VIPRE	Backdoor.Hangup.B
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.0ffa7139ffbaa9a7
Sophos	Mal/Padodor-A
Ikarus	Trojan.Crypt
Jiangmin	TrojanSpy.Qukart.ig
Varist	W32/Qukart.K.gen!Eldorado
Avira	TR/Spy.Qukart.NB
Antiy-AVL	Trojan[Proxy]/Win32.Qukart.gen
Kingsoft	malware.kb.a.1000
Microsoft	Backdoor:Win32/Berbew!pz
ZoneAlarm	Trojan-Spy.Win32.Qukart.af
GData	Backdoor.Hangup.B
Google	Detected
AhnLab-V3	Win-Trojan/Berbew.51712
Acronis	suspicious
McAfee	Trojan-FVOJ!0FFA7139FFBA
MAX	malware (ai score=89)
VBA32	BScope.Backdoor.Berbew
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Backdoor.Berbew!1.AE0A (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Qukart.A!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Backdoor:Win32/Berbew!pz?

Backdoor:Win32/Berbew!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X