
Barys.244 (B) removal


Barys.244 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.244 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Barys.244 (B)?

File Info:

name: 93394D68BB356A0E5F6A.mlw
path: /opt/CAPEv2/storage/binaries/f86ba839bd0404d8c5bb314cc859c06034a0798563e99292a612c08a0c29cfe2
crc32: E6AA7DF4
md5: 93394d68bb356a0e5f6a99eeed4000d7
sha1: b00228891188582c692de58b282cc57cf2464081
sha256: f86ba839bd0404d8c5bb314cc859c06034a0798563e99292a612c08a0c29cfe2
sha512: 5256b6bbef11b7901c03d93d811160bdb7f0f1aceda502638cada7002952e69a0105cc271d63ac1c681236535217aceefc40c91b343e78578ae5939a96f8c737
ssdeep: 6144:c5KL9R/OYrxWTdPDchAEuGOeXGcYJP+a1IGGLsd5bKNDBiS4sbjdx+T:cML9R/OnBYSpmXGcYJPN1IGGgdQfL6T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1377423FD2F074D8FF23B473903AA8EC7DB8525CC5109BD26460C84AA66B60B1CD97667
sha3_384: fc01f568884f71f0ac431d6af9b8105c55c08e2edd8800be49bed331263dc56d5866b48e2430aa6bd0cc9e75b3525e91
ep_bytes: 6a286870204000e87402000033ff57ff
timestamp: 2009-12-18 19:48:31

Version Info:

FileDescription: Protected Application
FileVersion: 1, 0, 0, 1
ProductVersion: 1, 0, 0, 1
Comments: Is protected with Teggo MoleBox 4.2321
Translation: 0x0000 0x04b0

Barys.244 (B) also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Refroso.muCm
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Barys.244
ClamAV: Win.Trojan.Barys-6957974-0
CAT-QuickHeal: VirTool.DelfInject.AF
ALYac: Gen:Variant.Barys.244
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 001788e91 )
Alibaba: TrojanPSW:Win32/Dybalom.9503333b
K7GW: Trojan ( 001788e91 )
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/VBInject.V.gen!Eldorado
Symantec: Backdoor.Bifrose!gen
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.MoleboxUltra suspicious
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.Win32.Dybalom.bkn
BitDefender: Gen:Variant.Barys.244
NANO-Antivirus: Trojan.Win32.Dybalom.dwahq
SUPERAntiSpyware: Trojan.Agent/Gen-BigMole
Avast: Win32:Evo-gen [Trj]
Ad-Aware: Gen:Variant.Barys.244
Emsisoft: Gen:Variant.Barys.244 (B)
Comodo: Backdoor.Win32.Curioso.~dy02@1xq8fq
DrWeb: Trojan.PWS.Dybalom
VIPRE: Gen:Variant.Barys.244
TrendMicro: TROJ_BRDLAB.SMEP
McAfee-GW-Edition: GenericRXAA-WT!93394D68BB35
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.93394d68bb356a0e
Sophos: ML/PE-A + Mal/BigMole-B
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Barys.244
Jiangmin: Trojan/PSW.Dybalom.bsx
Webroot: Worm:Win32/Rebhip.A
Avira: TR/Crypt.CFI.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASBOL.C615
Arcabit: Trojan.Barys.244
ViRobot: Trojan.Win32.A.PSW-Dybalom.348360.AJ
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Bifrose.R1707
Acronis: suspicious
McAfee: GenericRXAA-WT!93394D68BB35
VBA32: BScope.Trojan.Inject
Malwarebytes: Trojan.MalPack.Generic
TrendMicro-HouseCall: TROJ_BRDLAB.SMEP
Rising: Trojan.Generic@AI.100 (RDMK:UyKXEQZv3sYz8bUljh0xhg)
Yandex: Trojan.GenAsa!XMiXPNBz8gY
Ikarus: Trojan-PWS.Win32.Dybalom
MaxSecure: Packed.Rebhip.a
Fortinet: W32/Refroso.BKBI!tr
BitDefenderTheta: Gen:NN.ZexaF.34698.vq1@auWmS4b
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.8bb356
Panda: Trj/CI.A

How to remove Barys.244 (B)?

Barys.244 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.