Bulz.401239 removal guide

The Bulz.401239 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.401239 virus can do?

Creates RWX memory
A process attempted to delay the analysis task.
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Polish
Unconventionial language used in binary resources: Polish
The binary likely contains encrypted or compressed data.
Queries information on disks, possibly for anti-virtualization
Network activity contains more than one unique useragent.
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Harvests information related to installed mail clients
Makes SMTP requests, possibly sending spam or exfiltrating data.
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

www.bilan.pl

a.tomx.xyz

www.av-soft.com

mail.bilan.pl

How to determine Bulz.401239?


File Info:
crc32: 25A30B33
md5: b84e9ac89133e621d9e7ee5562d674f8
name: B84E9AC89133E621D9E7EE5562D674F8.mlw
sha1: 51b93f4840f3f3c6a01633c4c2fdd0358da5199e
sha256: 212f4e345978b2c28e8c6cc59a4e5745badd843082ac7b38ab5b786d8b4f3af7
sha512: fa8f43c4994b1a2dfe164718a1c8da9b0d0f73cc9f3b65a9c0bfee8efffa0eeb2a85226af4bbed428c95338c8f9ae840ab372e2a7bc06dd1ac726aa51ead4d24
ssdeep: 24576:RcQiSV0a6k6+C4x/yLexQq50OaPROMUkkrlauMLrLUGcqhHVRaRIRnYpQpY7mqx:0SGkzeOa5UPlOLrINCwpSc
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 2001-2018 Pawel Bilka
InternalName: 
FileVersion: 2.22.1.119
CompanyName: Pracownia Projektowa BILAN
LegalTrademarks: 
Comments: 
ProductName: 
ProductVersion: 2.20
FileDescription: 
OriginalFilename: 
Translation: 0x0415 0x04e2

Bulz.401239 also known as:

K7AntiVirus	Trojan ( 00517b171 )
ALYac	Gen:Variant.Bulz.401239
Cylance	Unsafe
Zillya	Trojan.Bitman.Win32.3254
CrowdStrike	win/malicious_confidence_70% (D)
Alibaba	Trojan:Application/BitMan.cd167034
K7GW	Trojan ( 00517b171 )
Cybereason	malicious.89133e
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.TTHUAY
APEX	Malicious
Avast	Win32:Malware-gen
BitDefender	Gen:Variant.Bulz.401239
NANO-Antivirus	Trojan.Win32.Bitman.esyyqs
MicroWorld-eScan	Gen:Variant.Bulz.401239
Tencent	Win32.Trojan.Bitman.Pezm
Ad-Aware	Gen:Variant.Bulz.401239
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZelphiF.34142.wL0@a0srF8bO
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.th
FireEye	Generic.mg.b84e9ac89133e621
Emsisoft	Gen:Variant.Bulz.401239 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bitman.atm
Antiy-AVL	Trojan/Generic.ASMalwS.21DC530
Microsoft	PWS:Win32/Fareit!ml
GData	Gen:Variant.Bulz.401239
AhnLab-V3	Malware/Win32.Generic.C2335244
McAfee	GenericRXCC-TW!B84E9AC89133
MAX	malware (ai score=99)
VBA32	TScope.Trojan.Delf
Malwarebytes	Malware.AI.2602851036
Panda	Trj/GdSda.A
Rising	Trojan.Generic@ML.100 (RDML:2JP9pyJg8R+fgLkmaGiQjQ)
Yandex	Trojan.GenAsa!xJ0r0384VVY
Ikarus	Trojan-Ransom.BitMan
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	GenericRXCC.TW!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Bulz.401239?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.