Categories: Malware

How to remove “Barys.2020 (B)”?

The Barys.2020 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.2020 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
CAPE detected the CyberGate malware family
Checks for the presence of known devices from debuggers and forensic tools
Checks for the presence of known devices from debuggers and forensic tools
CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
Creates a copy of itself
Creates known SpyNet mutexes and/or registry changes.

How to determine Barys.2020 (B)?


File Info:
name: C169BBC18D42F84E561B.mlwpath: /opt/CAPEv2/storage/binaries/9db555f3d7878785b187e8b2350af71933a6bfabbc88cbe30674b77ce39f228ccrc32: 51FB3012md5: c169bbc18d42f84e561bba8bded4204csha1: 0bd5c085887f6a2b3d6537e0f2f95093e257f1bfsha256: 9db555f3d7878785b187e8b2350af71933a6bfabbc88cbe30674b77ce39f228csha512: 3d4975bc3e800d37fb45e3ff3b3264085eb6ddd32f3938f2ce338057b9b4db0d24195d66cc1671200fd0054fe20314d72a17342a57e0dc5deab77d524a7a0402ssdeep: 12288:/tD2OLApFkbeM4PlT5Q78L5pZte/ymc7m:/p5ZbV4N5VdteRtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D284E0A26716FA01FD14DFF831A426C4013415ABDE7E8CB129C5CB95C66F7E8B3C9829sha3_384: 87e61a699e0f30bcbff9a0622c05bb3ce1cdf1f10a12458c2c612d272a8e0e6f9282538b9c49d7eef46ffc133792c8d6ep_bytes: 558becb9090000006a006a004975f953timestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Barys.2020 (B) also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.2020
ClamAV	Win.Dropper.DarkKomet-7403373-0
FireEye	Generic.mg.c169bbc18d42f84e
CAT-QuickHeal	Trojan.Generic.5931
ALYac	Gen:Variant.Barys.2020
Cylance	Unsafe
VIPRE	Gen:Variant.Barys.2020
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Password-Stealer ( 0040f2991 )
K7GW	Password-Stealer ( 0040f2991 )
Cybereason	malicious.18d42f
Cyren	W32/Delf.BF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.LFJ
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Barys.2020
NANO-Antivirus	Trojan.Win32.Zusy.unorg
Avast	Win32:Delf-RFT [Drp]
Rising	Trojan.Generic@AI.99 (RDML:WURvrSs3n9t9q7Uya+uHRA)
Ad-Aware	Gen:Variant.Barys.2020
Comodo	TrojWare.Win32.Injector.kiq@4k97lo
DrWeb	BackDoor.Cybergate.1
Zillya	Trojan.Injector.Win32.123367
McAfee-GW-Edition	BehavesLike.Win32.Wanex.fh
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Barys.2020 (B)
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Barys.2020
Jiangmin	Trojan/Generic.agovh
Webroot	W32.Malware.Gen
Avira	TR/Graftor.59874
MAX	malware (ai score=85)
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	VirTool:Win32/Injector.BG!bit
Google	Detected
AhnLab-V3	Trojan/Win32.Llac.R36500
McAfee	PWS-Zbot.gen.bfk
Malwarebytes	Backdoor.LimeRat
Tencent	Win32.Trojan.Generic.Snkl
Yandex	Trojan.GenAsa!bv/xIZdcNCU
Ikarus	Trojan.Win32.Llac
Fortinet	W32/Injector.YZF!tr
BitDefenderTheta	AI:Packer.D63E6B101E
AVG	Win32:Delf-RFT [Drp]
Panda	Trj/Velphi.c
CrowdStrike	win/malicious_confidence_100% (W)