
Backdoor:Win32/Lybsus!pz removal guide


Backdoor:Win32/Lybsus!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Lybsus!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Lybsus!pz?

File Info:

name: 7345F6DB58CCF875287C.mlw
path: /opt/CAPEv2/storage/binaries/2d318046aa3e77ec9a6e3958546433d9f67f90048829086d8b953bc25c9127dd
crc32: 3AA62833
md5: 7345f6db58ccf875287c512b173c60cf
sha1: 6223a03cb490bd37bc12f90de9bfa6f33df6770f
sha256: 2d318046aa3e77ec9a6e3958546433d9f67f90048829086d8b953bc25c9127dd
sha512: 7c0b2fb34a2c1fe9b4a7c9914c863942cf703bff124946f99ec298911afe77f6bd07849465675ef22137afa2e6a47893d8cfb12300a6a8e19583f8a5e597c4fd
ssdeep: 6144:a/gyW+z8gsDETTq7xPRU3PVdDFHTUTRuzIAV:TyVbaNPRWPi9uzIAV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E4748D43B7D206A1F6AA1B3009BB96F067BBBC158E23868F9344732D1C71F605D6536B
sha3_384: b57b1b2b802c019dbb2bf1f880390202b04802aeb4a1958ce8251dd47543e7ae3e6742aa2ba2f24ece0af854e1a7747c
ep_bytes: 68f81a4000e8f0ffffff000000000000
timestamp: 2010-12-07 13:40:50

Version Info:

Translation: 0x0409 0x04b0
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: server
OriginalFilename: server.exe

Backdoor:Win32/Lybsus!pz also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.331123
CAT-QuickHeal: TrojanPWS.VB.CX
Skyhigh: BehavesLike.Win32.PWSZbot.fh
McAfee: VB-BackDoor.a.gen
Malwarebytes: Floxif.Virus.FileInfector.DDS
Zillya: Trojan.VB.Win32.51931
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/PSW.VB.NFA
APEX: Malicious
ClamAV: Win.Trojan.Genome-1821
Kaspersky: Trojan-Dropper.Win32.VB.attu
BitDefender: Gen:Variant.Barys.331123
NANO-Antivirus: Trojan.Win32.Small.dubsm
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Malware.Win32.Gencirc.10bfcbe8
TACHYON: Trojan-Dropper/W32.VB-Agent.365282
Emsisoft: Gen:Variant.Barys.331123 (B)
Google: Detected
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.DownLoader9.27220
VIPRE: Gen:Variant.Barys.331123
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.7345f6db58ccf875
Sophos: Mal/VB-GI
Ikarus: Trojan-PWS.Win32.VB
Varist: W32/Trojan.WEMI-0877
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Dropper]/Win32.VB
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Lybsus!pz
Xcitium: Backdoor.Win32.MoSucke.~N6@z1cm6
Arcabit: Trojan.Barys.D50D73
ZoneAlarm: Trojan-Dropper.Win32.VB.attu
GData: Win32.Trojan.PSE.1132CAQ
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win.VB.R642681
VBA32: Rootkit.Small
ALYac: Gen:Variant.Barys.331123
MAX: malware (ai score=88)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Rootkit.Small!1.6812 (CLASSIC)
Yandex: Trojan.GenAsa!+BIz/gE+44w
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.186762432.susgen
Fortinet: W32/VB.NFA!tr.pws
BitDefenderTheta: Gen:NN.ZevbaF.36802.wm1@au9kVSBi
AVG: Win32:Rootkit-gen [Rtk]
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Lybsus!pz?

Backdoor:Win32/Lybsus!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
