How to remove “Barys.229498”?

Barys.229498 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Barys.229498 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Anomalous binary characteristics

How to identify Barys.229498?

File Info:

name: EDD1B80EFC5A69CA2A0B.mlw
path: /opt/CAPEv2/storage/binaries/854896e2b66445a301a2c3253131745b365983cd2917f3279b730645cada5ea7
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2005-09-02 09:26:37

Version Info:

0: [No Data]

Barys.229498 also known as:

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Winlock.2876
  • MicroWorld-eScan: Gen:Variant.Barys.229498
  • FireEye: Generic.mg.edd1b80efc5a69ca
  • ALYac: Gen:Variant.Barys.229498
  • Cylance: Unsafe
  • Zillya: Trojan.Agent.Win32.132308
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( f1000f011 )
  • Alibaba: Ransom:Win32/LockScreen.7e1acd01
  • K7GW: Trojan ( f1000f011 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • BitDefenderTheta: Gen:NN.ZexaF.34232.omHfaKPKdDe
  • VirIT: Trojan.Win32.Winlock.EGQ
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/LockScreen.VD
  • TrendMicro-HouseCall: Mal_Kryptik-3
  • ClamAV: Win.Trojan.Agent-531142
  • Kaspersky: Trojan.Win32.Agent.hskv
  • BitDefender: Gen:Variant.Barys.229498
  • NANO-Antivirus: Trojan.Win32.Agent.ctymh
  • Avast: FileRepMetagen [Malware]
  • Tencent: Win32.Trojan.Agent.Apcr
  • Ad-Aware: Gen:Variant.Barys.229498
  • Emsisoft: Gen:Variant.Barys.229498 (B)
  • Comodo: Malware@#2ys92mght9u7u
  • VIPRE: Packed.Win32.PWSZbot.gen (v)
  • TrendMicro: Mal_Kryptik-3
  • McAfee-GW-Edition: W32/Pinkslipbot.gen.ae
  • Sophos: Mal/Generic-R + Mal/Agent-IE
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan/Agent.eqys
  • Webroot: W32.Malware.Gen
  • Avira: TR/Crypt.XPACK.Gen
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Generic.ASMalwS.1895E50
  • Kingsoft: Win32.Heur.KVMH019.a.(kcloud)
  • Gridinsoft: Ransom.Win32.Zbot.sa
  • Microsoft: Ransom:Win32/LockScreen.BA
  • ViRobot: Trojan.Win32.A.Agent.244824[UPX]
  • GData: Gen:Variant.Barys.229498
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Jorik.C1550
  • McAfee: Artemis!EDD1B80EFC5A
  • VBA32: Trojan.Zeus.EA.0999
  • APEX: Malicious
  • Rising: Ransom.LockScreen!8.83D (CLOUD)
  • Yandex: Trojan.GenAsa!2HJTgbg0ZHI
  • Ikarus: Trojan.Win32.Ransom
  • eGambit: Generic.Malware
  • Fortinet: W32/Kryptik.NAS!tr
  • AVG: FileRepMetagen [Malware]
  • Cybereason: malicious.efc5a6
  • Panda: Generic Malware
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Barys.229498?

Barys.229498 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.