Bulz.491749 removal instruction

The Bulz.491749 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Bulz.491749 virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Bulz.491749?


File Info:
name: 306280ABE30A4EDFD88D.mlw
path: /opt/CAPEv2/storage/binaries/2f8b9bb4a69aa0bf56a51aeae8348d5c8a598581c03b0d379148a3b328f246ae
crc32: 525A7A64
md5: 306280abe30a4edfd88dac5edd6cbed2
sha1: a4fc781ed2b7afec2646f998ddd0a1c1661295d3
sha256: 2f8b9bb4a69aa0bf56a51aeae8348d5c8a598581c03b0d379148a3b328f246ae
sha512: 6b29c0b5b3dae978f82a022a5709056af0ae22ada8a1f49a105c0b9b7555ace749c2a21036c840ed644214cb71f5b4b05c3477ffc83e119f6cd34cc02b529162
ssdeep: 768:bLEocuX598XEb89FvdPmpQr6wD1Px0HP:bsXEbWwpePg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8F2F7AD13C50DCCC6DD297E22C19506A6B1EBC48A73D78B884EA1B50EC63D05F9326F
sha3_384: 126d579e61b447d3b335d04f0833f6b1f92d452c78d8beb15dfad2260388320c13260dc6479dc18e08e8e43a24319878
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-05-05 23:52:19

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Runtime Broker
FileVersion: 10.0.19041.746 (WinBuild.160101.0800)
InternalName: RuntimeBroker.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: RuntimeBroker.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.746
Translation: 0x0409 0x04b0

Bulz.491749 also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.491749
ALYac	Gen:Variant.Bulz.491749
Malwarebytes	Trojan.DBGDis.MSIL
Zillya	Trojan.Agent.Win32.2050809
Sangfor	Trojan.Win32.Wacatac.B
K7AntiVirus	Trojan ( 0057d9911 )
Alibaba	Trojan:MSIL/Bladabindi.abad4344
K7GW	Trojan ( 0057d9911 )
Cyren	W32/MSIL_Bladabindi.DD.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Agent.UMO.gen
BitDefender	Gen:Variant.Bulz.491749
Avast	Win32:Trojan-gen
Rising	Trojan.Agent!8.B1E (CLOUD)
Ad-Aware	Gen:Variant.Bulz.491749
Emsisoft	Gen:Variant.Bulz.491749 (B)
VIPRE	Gen:Variant.Bulz.491749
McAfee-GW-Edition	Artemis!Trojan
FireEye	Gen:Variant.Bulz.491749
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Agent
Google	Detected
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Bulz.D780E5
GData	Gen:Variant.Bulz.491749
AhnLab-V3	Trojan/Win.Generic.C4510063
McAfee	Artemis!306280ABE30A
MAX	malware (ai score=80)
Cylance	Unsafe
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.120332388.susgen
Fortinet	MSIL/Agent.UMO!tr
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Bulz.491749?

Bulz.491749 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X