Barys.431081 (B) removal guide

Barys.431081 (B) is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.431081 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Barys.431081 (B)?

File Info:

name: 37474A8612913515904F.mlw
path: /opt/CAPEv2/storage/binaries/0a68f3bb3cfc466a77186991cad8b62e7b5fbaab3323be8dcb913b196234b371
crc32: 179B6DF2
md5: 37474a8612913515904fcce64bfec196
sha1: 93158912671b59e51032cf4d95bd027a108b3c3c
sha256: 0a68f3bb3cfc466a77186991cad8b62e7b5fbaab3323be8dcb913b196234b371
sha512: 20814ef878b54451aca339e8acc129cfd22d689de76823983e19f2cdc1d22f9da847e8f15cd98a30d9cbf9f3575ead49044a96a9fc3e2c4ecc170dc528c49390
ssdeep: 1536:tpQ8pkDBeZUBFTgVjtXZTto1e9uCLBCPr8/NL44PerV5I8kIi/2O:7bp2eZU7TgdTq1ZrJO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10CC3D53FBA169465E519293029F7C7F616BB6C1A2E0B505B6B0037BA4DB3F000C9DE67
sha3_384: 73aca2c388c82136aeed013cb6f43c95f06f448a2c07c9099d13b059994c673d01e4d0cc4c4bea35ef87167c06dcc90c
ep_bytes: 689c134000e8eeffffff000000000000
timestamp: 2012-09-25 06:23:42

Version Info:

0: [No Data]

Barys.431081 (B) also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.Vobfus.lEck
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.431081
FireEye: Generic.mg.37474a8612913515
CAT-QuickHeal: Worm.VobfusMF.S28101913
Skyhigh: BehavesLike.Win32.Generic.ct
ALYac: Gen:Variant.Barys.431081
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Worm:Win32/Vobfus.5a73cad7
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36804.hmX@aeBxWJf
VirIT: Trojan.Win32.Generic.GIZ
Symantec: W32.Changeup!gen20
ESET-NOD32: Win32/Pronny.FQ
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0CD124
Paloalto: generic.ml
ClamAV: Win.Trojan.VB-1720
Kaspersky: Worm.Win32.Vobfus.agxr
BitDefender: Gen:Variant.Barys.431081
NANO-Antivirus: Trojan.Win32.Autoruner.cinaru
Avast: Win32:VB-AEOA [Trj]
Tencent: Worm.Win32.Vobfus.ky
Emsisoft: Gen:Variant.Barys.431081 (B)
Baidu: Win32.Worm.Pronny.ew
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Win32.HLLW.Autoruner1.26616
Zillya: Worm.Vobfus.Win32.1516512
TrendMicro: TROJ_GEN.R002C0CD124
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
MAX: malware (ai score=85)
GData: Win32.Trojan.PSE.56P7T0
Jiangmin: Trojan/Vbobf.b
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Dropper.Gen
Varist: W32/VB.HD.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: Win32.Worm.Vobfus.agxr
Xcitium: Worm.Win32.VB.IVZ@4rktsd
Arcabit: Trojan.Barys.D693E9
ViRobot: Worm.Win32.A.Vobfus.118784
ZoneAlarm: Worm.Win32.Vobfus.agxr
Microsoft: Worm:Win32/Vobfus.IJ
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Vobfus.R37786
McAfee: VBObfus.dv
VBA32: Worm.Vobfus
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Worm.VobfusEx!1.99EB (CLASSIC)
Yandex: Trojan.GenAsa!fYvWsAMx25M
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.11612875.susgen
Fortinet: W32/VBObfus.AU!tr
AVG: Win32:VB-AEOA [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Pronny.FO

How to remove Barys.431081 (B)?

Barys.431081 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.