How to remove “Barys.356938”?

The Barys.356938 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Barys.356938 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Barys.356938?


File Info:
name: 4F6F4F7F424B734CB006.mlw
path: /opt/CAPEv2/storage/binaries/d80973c1ea5c692f6c1b7c121d0bf98f08fb96da6cf4bd3a8ff8bbd9e57cdb0a
crc32: ED2022AD
md5: 4f6f4f7f424b734cb006ba2a9db0e6ab
sha1: ded279da0f897545fc6c872b884b0faa867dc0fd
sha256: d80973c1ea5c692f6c1b7c121d0bf98f08fb96da6cf4bd3a8ff8bbd9e57cdb0a
sha512: 9fa54d038d5336ecc331b66a32d97eeba86593d1a0b6a9d6eed06793e964f1f9556beec5ac554db31d0d639d20429a246674468d32abc945bcac004a3f1ef5c4
ssdeep: 24576:Z17CM8s6ioW7G9g4STnjrapZrTC9s34TfvCjwN6ka4p3vs/1d60xERyptxKg:RHoWIWCQs34Fba46/PiuxK
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T159C5382439FA501AB173EFAA8BE479EADA6FB7733B07645D105103860723981DEC153E
sha3_384: 9745c1c77b3a5341c5fdfb9130d6873c5a80b415d8e192a2c31d2cc4bf913863e25c1c1c0518c8a98fbd7fe10ec154d7
ep_bytes: ff250020400001020102010201020102
timestamp: 2047-07-07 05:27:31

Version Info:
Translation: 0x0000 0x0514
ProductName: XVJ163ihkYmq
CompanyName: tMUn4TPx
InternalName: grJX53Mw60ha1skpO8.exe
LegalCopyright: jgdl3qqA1V6X1fvkhkp7g
Comments: Pw8xfdafOjUiE6
OriginalFilename: cQ.exe
ProductVersion: 155.851.696.108
FileVersion: 639.928.208.193

Barys.356938 also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Variant.Barys.356938
FireEye	Generic.mg.4f6f4f7f424b734c
ALYac	Gen:Variant.Barys.356938
Zillya	Trojan.Kryptik.Win32.3952121
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.a0f897
VirIT	Trojan.Win32.Genus.NBD
Cyren	W32/MSIL_Stealer.K.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.PEI
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Gen:Variant.Barys.356938
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Barys.356938
TACHYON	Trojan-Spy/W32.DN-InfoStealer.2577920
DrWeb	BackDoor.DarkCrystal.99
VIPRE	Gen:Variant.Barys.356938
Sophos	Troj/Krypt-SU
Ikarus	Trojan.MSIL.Crypt
GData	MSIL.Trojan.PSE.10RMAAZ
Jiangmin	TrojanSpy.MSIL.cwde
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/MSIL.Kryptik
Arcabit	Trojan.Barys.D5724A
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5304356
Acronis	suspicious
MAX	malware (ai score=89)
VBA32	TScope.Trojan.MSIL
Rising	Trojan.Generic/MSIL@AI.93 (RDM.MSIL:sEj+x/ldfQp56rJjeRsjQg)
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Kryptik.PEI!tr
BitDefenderTheta	Gen:NN.ZemsilF.34796.Do0@ae5df4j
AVG	Win32:TrojanX-gen [Trj]

How to remove Barys.356938?

Barys.356938 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X