Buzy.3895 (B) malicious file

Buzy.3895 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Buzy.3895 (B) virus do?

  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

How to identify Buzy.3895 (B)?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
InternalName:
FileVersion: 1.0.0.51
CompanyName: HP Printers
LegalTrademarks: HP Printers
ProductName:
ProductVersion: 1.0.0.0
FileDescription: Utility printer driver
OriginalFilename:
Translation: 0x0416 0x04e4

Buzy.3895 (B) also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Spyware ( 0026b47a1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop7.21669
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Buzy.3895
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.148927
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanSpy:Win32/Banker.ee0f2498
K7GW: Spyware ( 0026b47a1 )
Cybereason: malicious.6138e1
Cyren: W32/Banker.V.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Banker.WGA
Zoner: Trojan.Win32.79693
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
ClamAV: Win.Trojan.Agent-419235
Kaspersky: HEUR:Trojan-Ransom.Win32.Blocker.gen
BitDefender: Gen:Variant.Buzy.3895
NANO-Antivirus: Trojan.Win32.Agent.dpnib
ViRobot: Trojan.Win32.A.Agent.1050112.A
SUPERAntiSpyware: Trojan.Agent/Gen-Banker
MicroWorld-eScan: Gen:Variant.Buzy.3895
Tencent: Malware.Win32.Gencirc.10b0d207
Ad-Aware: Gen:Variant.Buzy.3895
Sophos: Mal/Generic-S + Troj/Agent-BCNT
Comodo: TrojWare.Win32.Spy.Banker.VIS@8ekceg
BitDefenderTheta: Gen:NN.ZelphiF.34608.aH0@aOrOajhG
VIPRE: Trojan.Win32.Generic!SB.0
TrendMicro: TrojanSpy.Win32.BANKER.SMTH
McAfee-GW-Edition: BehavesLike.Win32.PWSBanker.th
FireEye: Generic.mg.a64b6616138e1da6
Emsisoft: Gen:Variant.Buzy.3895 (B)
SentinelOne: Static AI – Suspicious PE
Avira: DR/Delphi.Gen
eGambit: Unsafe.AI_Score_99%
Kingsoft: Heur.SSC.2656812.1216.(kcloud)
Microsoft: TrojanSpy:Win32/Banker
Arcabit: Trojan.Buzy.DF37
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Blocker.gen
GData: Win32.Trojan-Stealer.Banker.AK
AhnLab-V3: Trojan/Win32.Agent.C64982
Acronis: suspicious
McAfee: PWS-Banker.gen.ez
MAX: malware (ai score=87)
VBA32: Trojan.Runner.4705
Malwarebytes: Trojan.Banker
Panda: Generic Malware
TrendMicro-HouseCall: TrojanSpy.Win32.BANKER.SMTH
Rising: Ransom.Blocker!8.12A (KTSE)
Ikarus: Trojan-Banker.Win32.Delf
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Banker.WGA!tr
AVG: Win32:BankerX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: HEUR/QVM05.1.C1FD.Malware.Gen

How to remove Buzy.3895 (B)?

Buzy.3895 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.