Barys.11445 removal

The Barys.11445 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.11445 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Reads data out of its own binary image
Drops a binary and executes it
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself
Interacts with known DarkComet registry keys

Related domains:

z.whorecord.xyz

a.tomx.xyz

directlinks.eu.pn

How to determine Barys.11445?


File Info:
crc32: 2F299C9F
md5: 71505b55049d448821f3e05c0dbc3708
name: 71505B55049D448821F3E05C0DBC3708.mlw
sha1: a7d5573cb0f4ede69ccba313f7cdfea8e46ee956
sha256: 9cca54e203d183be10960046466801793037f0e0f5999a49e66f9429f3549cd7
sha512: 847559f2acc8594a39a2921fda18bacafaee19bbf12a315d604c4d269274f8cd9d05c2dff65d8989ead01b95ac2ba9a7662faee100ff13226a688499ad841431
ssdeep: 12288:kqHOerqtSPQ5XWSXgd37Scs5HW+I48mmzUNKeBtF5cyT3PDYLjA3TUzzqNd8E1f:VHFqYP2mSd52InmziB75cYYLMAazI
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2012
Assembly Version: 1.0.0.0
InternalName: Window.exe
FileVersion: 1.0.0.0
ProductName: Window
ProductVersion: 1.0.0.0
FileDescription: Window
OriginalFilename: Window.exe

Barys.11445 also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Winlock.7516
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Barys.11445
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.408848
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Ransom:Win32/Blocker.0720fbb3
Cybereason	malicious.5049d4
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.AUT
APEX	Malicious
Avast	Win32:AutoRun-CXY [Trj]
ClamAV	Win.Virus.Blocker-634
Kaspersky	Trojan-Ransom.Win32.Blocker.wwm
BitDefender	Gen:Variant.Barys.11445
NANO-Antivirus	Trojan.Win32.TrjGen.dklzqd
MicroWorld-eScan	Gen:Variant.Barys.11445
Tencent	Win32.Trojan.Blocker.Aexk
Ad-Aware	Gen:Variant.Barys.11445
Sophos	Mal/Generic-S
Comodo	Malware@#15xhky2axfban
BitDefenderTheta	Gen:NN.ZemsilF.34690.1q0@aa@9bfni
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
FireEye	Generic.mg.71505b55049d4488
Emsisoft	Gen:Variant.Barys.11445 (B)
Jiangmin	Trojan/Blocker.afh
Webroot	W32.Rogue.Gen
Avira	TR/Dropper.MSIL.Gen
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.1E1786
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Backdoor:Win32/Fynloski.A
Arcabit	Trojan.Barys.D2CB5
AegisLab	Trojan.Win32.Generic.lYeJ
ZoneAlarm	Trojan-Ransom.Win32.Blocker.wwm
GData	Gen:Variant.Barys.11445
McAfee	Artemis!71505B55049D
MAX	malware (ai score=100)
VBA32	TScope.Trojan.MSIL
Panda	Trj/CI.A
Rising	Ransom.Blocker!8.12A (CLOUD)
Yandex	Backdoor.DarkKomet!3+7IAeeOKVI
Ikarus	Trojan.Win32.Spy
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Injector.RDV!tr
AVG	Win32:AutoRun-CXY [Trj]
Paloalto	generic.ml

How to remove Barys.11445?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.