
How to remove “Barys.2020 (B)”?

Malware Removal

Barys.2020 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.2020 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the CyberGate malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Creates a copy of itself
  • Creates known SpyNet mutexes and/or registry changes.

How to identify Barys.2020 (B)?

File Info:

name: C169BBC18D42F84E561B.mlw
path: /opt/CAPEv2/storage/binaries/9db555f3d7878785b187e8b2350af71933a6bfabbc88cbe30674b77ce39f228c
crc32: 51FB3012
md5: c169bbc18d42f84e561bba8bded4204c
sha1: 0bd5c085887f6a2b3d6537e0f2f95093e257f1bf
sha256: 9db555f3d7878785b187e8b2350af71933a6bfabbc88cbe30674b77ce39f228c
sha512: 3d4975bc3e800d37fb45e3ff3b3264085eb6ddd32f3938f2ce338057b9b4db0d24195d66cc1671200fd0054fe20314d72a17342a57e0dc5deab77d524a7a0402
ssdeep: 12288:/tD2OLApFkbeM4PlT5Q78L5pZte/ymc7m:/p5ZbV4N5VdteR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D284E0A26716FA01FD14DFF831A426C4013415ABDE7E8CB129C5CB95C66F7E8B3C9829
sha3_384: 87e61a699e0f30bcbff9a0622c05bb3ce1cdf1f10a12458c2c612d272a8e0e6f9282538b9c49d7eef46ffc133792c8d6
ep_bytes: 558becb9090000006a006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Barys.2020 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.2020
ClamAV: Win.Dropper.DarkKomet-7403373-0
FireEye: Generic.mg.c169bbc18d42f84e
CAT-QuickHeal: Trojan.Generic.5931
ALYac: Gen:Variant.Barys.2020
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.2020
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Password-Stealer ( 0040f2991 )
K7GW: Password-Stealer ( 0040f2991 )
Cybereason: malicious.18d42f
Cyren: W32/Delf.BF.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.LFJ
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.2020
NANO-Antivirus: Trojan.Win32.Zusy.unorg
Avast: Win32:Delf-RFT [Drp]
Rising: Trojan.Generic@AI.99 (RDML:WURvrSs3n9t9q7Uya+uHRA)
Ad-Aware: Gen:Variant.Barys.2020
Comodo: TrojWare.Win32.Injector.kiq@4k97lo
DrWeb: BackDoor.Cybergate.1
Zillya: Trojan.Injector.Win32.123367
McAfee-GW-Edition: BehavesLike.Win32.Wanex.fh
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Barys.2020 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Barys.2020
Jiangmin: Trojan/Generic.agovh
Webroot: W32.Malware.Gen
Avira: TR/Graftor.59874
MAX: malware (ai score=85)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: VirTool:Win32/Injector.BG!bit
Google: Detected
AhnLab-V3: Trojan/Win32.Llac.R36500
McAfee: PWS-Zbot.gen.bfk
Malwarebytes: Backdoor.LimeRat
Tencent: Win32.Trojan.Generic.Snkl
Yandex: Trojan.GenAsa!bv/xIZdcNCU
Ikarus: Trojan.Win32.Llac
Fortinet: W32/Injector.YZF!tr
BitDefenderTheta: AI:Packer.D63E6B101E
AVG: Win32:Delf-RFT [Drp]
Panda: Trj/Velphi.c
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Barys.2020 (B)?

Barys.2020 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
