Malware

Buzy.3120 removal tips

Malware Removal

Buzy.3120 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Buzy.3120 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • Attempts to modify Internet Explorer’s start page
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Buzy.3120?

File Info:

name: EF37B9D2068BD6CBCC1C.mlw
path: /opt/CAPEv2/storage/binaries/e9e832ee6cd9d5e606475bf9679a918c747f7bccbb6dd14e0370a72fd7ae623f
crc32: 41A44CAD
md5: ef37b9d2068bd6cbcc1c07360f1a8b6c
sha1: 382621e169f4fea4249e19211c7db561a9d6e807
sha256: e9e832ee6cd9d5e606475bf9679a918c747f7bccbb6dd14e0370a72fd7ae623f
sha512: b739af20f46c91ec798f0f380742b5f7f6971d17a28ece13693ea47750ea5231d07de53d0baf4e6f17020b0890034c0f1564d06d65f16696ee867226a6cc732a
ssdeep: 3072:71i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1gs5YmMOMYcYY51i/:Zi/NjO5xbg/CSUFLTwMjs6y3Oai/NDt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135D3073AF655506CF28205702E71B627A626BD345D81E80EFB055B1968B83C7F1F8F2B
sha3_384: 9111dff587afc6b5a0c12e75c9c6a55655c93904416feda14fb4b7e67e3bf5dff4e7049bfd2519da20bba549db698a8c
ep_bytes: 68f4764000e8f0ffffff000000000000
timestamp: 2007-06-17 08:25:36

Version Info:

Translation: 0x0804 0x04b0
CompanyName: QVOD
LegalCopyright: QVOD
ProductName: QVOD
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 工程1
OriginalFilename: 工程1.exe

Buzy.3120 also known as:

tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Buzy.3120
FireEye: Generic.mg.ef37b9d2068bd6cb
McAfee: GenericRXAE-GJ!EF37B9D2068B
Cylance: Unsafe
VIPRE: Gen:Variant.Buzy.3120
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.2068bd
BitDefenderTheta: AI:Packer.E2CF7C8120
Cyren: W32/StartPage.BD.gen!Eldorado
Symantec: SMG.Heur!gen
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/VB.PRB
TrendMicro-HouseCall: TROJ_AGENT_0000c4a.TOMA
ClamAV: Win.Trojan.Agent-353427
Kaspersky: Trojan.Win32.Scar.hnea
BitDefender: Gen:Variant.Buzy.3120
NANO-Antivirus: Trojan.Win32.StartPage.covjup
APEX: Malicious
Tencent: Malware.Win32.Gencirc.11bb5551
Ad-Aware: Gen:Variant.Buzy.3120
Emsisoft: Gen:Variant.Buzy.3120 (B)
Comodo: TrojWare.Win32.Agent.ddpg@4fetn6
DrWeb: Trojan.Click1.59703
Zillya: Trojan.Agent.Win32.131161
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cm
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A + Mal/StartP-A
Ikarus: Trojan-Dropper.Agent
GData: Gen:Variant.Buzy.3120
Jiangmin: Trojan/Agent.ecmu
Avira: TR/Dropper.Gen
Arcabit: Trojan.Buzy.DC30
ViRobot: Trojan.Win32.A.Agent.132420.A
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.StartPage.R19634
VBA32: Trojan.VBRA.02582
ALYac: Gen:Variant.Buzy.3120
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.2402674283
Avast: Win32:DropperX-gen [Drp]
Yandex: Trojan.GenAsa!3+mYuwkmzA8
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.HQVL!tr
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Buzy.3120?

Buzy.3120 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.