Categories: Malware

Barys.2014 removal guide

The Barys.2014 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.2014 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
The binary contains an unknown PE section name indicative of packing
The executable is likely packed with VMProtect
Authenticode signature is invalid
Checks for the presence of known devices from debuggers and forensic tools
Checks for the presence of known devices from debuggers and forensic tools
Anomalous binary characteristics

How to determine Barys.2014?


File Info:
name: 75A703059053EFB81220.mlwpath: /opt/CAPEv2/storage/binaries/2db62cc6d300d7b4ab03a70d6e6724054058acbbf6ee6047c32c4f7deb0900cfcrc32: 2E462DFDmd5: 75a703059053efb81220594bd9bf4c8esha1: 9289328e7513171b40ad51101e0091c79cacc9dfsha256: 2db62cc6d300d7b4ab03a70d6e6724054058acbbf6ee6047c32c4f7deb0900cfsha512: 7cc7c25cd7d74ddc4b1ca180050fe3fa98f48e7a5e08ffa3d85b56e8c19cd83ed5a595560787fdae30fe6faf5e81d0f7185696d2357691887630e6caae537598ssdeep: 768:JupZtHFTf1DBfP1IDZQxEmPu/pBl980O3XBKw+EUO5uy5R7:op7Hdf1DFdIDZyRQQJnBLX9vtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T19F436C22B55D8632F24887B70A6297F299197D74DE416F2B395AFF2C3D342839E91303sha3_384: 29aee3bad7226555349a187d03b0756847cdc41565e043c5c4dc1979ad1015c4790aa0eb056dc45aec89462277afd7bbep_bytes: 6844844000e8451e0000757365723332timestamp: 2008-08-14 11:14:58
Version Info:
Translation: 0x0409 0x04b0CompanyName: Le!Tj0 CoDeRProductName: Project1FileVersion: 1.00ProductVersion: 1.00InternalName: You StubOriginalFilename: You Stub.exe

Barys.2014 also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Blocker.j!c
MicroWorld-eScan	Gen:Variant.Barys.2014
FireEye	Generic.mg.75a703059053efb8
McAfee	Generic Malware.ja
Cylance	Unsafe
Zillya	Backdoor.Poison.Win32.9722
Sangfor	Suspicious.Win32.Save.vb
K7AntiVirus	Trojan ( 0055e3df1 )
Alibaba	Ransom:Win32/Blocker.b270c34a
K7GW	Trojan ( 0055e3df1 )
Cybereason	malicious.59053e
Cyren	W32/Heuristic-162!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.VB.NFZ
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Blocker.hghp
BitDefender	Gen:Variant.Barys.2014
NANO-Antivirus	Trojan.Win32.Poison.jhgi
APEX	Malicious
Ad-Aware	Gen:Variant.Barys.2014
Emsisoft	Gen:Variant.Barys.2014 (B)
Comodo	Backdoor@#o57cfqatm6ip
DrWeb	Trojan.MulDrop.28816
VIPRE	Gen:Variant.Barys.2014
Sophos	ML/PE-A + Mal/Packer
Ikarus	Trojan-Dropper.Win32.VB
Jiangmin	Backdoor/PoisonIvy.bhz
Webroot	Vir.Tool.Gen
Avira	HEUR/AGEN.1226412
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.77
Kingsoft	Win32.Hack.Poison.i.(kcloud)
Arcabit	Trojan.Barys.D7DE
ViRobot	Backdoor.Win32.Poison.57344
GData	Gen:Variant.Barys.2014
Google	Detected
VBA32	Malware-Cryptor.VB.gen.1
ALYac	Gen:Variant.Barys.2014
TACHYON	Backdoor/W32.Poison.57344
Malwarebytes	Malware.Heuristic.1003
Avast	Win32:VB-PPV [Drp]
Tencent	Win32.Trojan.Blocker.Uwhl
SentinelOne	Static AI – Malicious PE
Fortinet	W32/BackDoor.IRO!tr.bdr
AVG	Win32:VB-PPV [Drp]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_70% (W)