Buzy.810 removal tips

Buzy.810 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Buzy.810 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Buzy.810?


File Info:

name: E52B9425EB3C7FFFD0B9.mlw
path: /opt/CAPEv2/storage/binaries/64bb3141866a3e2bafadddd80f8b489706f7f8293f5cf99d58e955c87c0a29f1
crc32: A6E9B511
md5: e52b9425eb3c7fffd0b900cedc9a779e
sha1: adf3fc532820291299b16383cb52da1a55723465
sha256: 64bb3141866a3e2bafadddd80f8b489706f7f8293f5cf99d58e955c87c0a29f1
sha512: e91fab6c47de81ddff7c43b24ac59fa28d066dd1b1480159232bc658845eb77dab4c373777555ee7a409236b83811c2658dfa485b90375d97c9b5bb4b6fd8576
ssdeep: 49152:ONFLLyeWYG9b8OZBoGel5mNFLLyeWYG9b8OZBoGel56:uLeeLGZ84LeeLGZ8g
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18906BE20BBE7C176DA921530087AD71D1336BE420B519ECBFB982E4EAD723C15D3A356
sha3_384: 3434b6d5c14e233a03d50b664657dd812febe745d4fe0dace8fb724cfe3d73f7ca32f3268b4fcd90e228fc0a2a9e4afe
ep_bytes: ff250020400000000000000000000000
timestamp: 2010-10-17 20:39:32

Version Info:

Translation: 0x0000 0x04b0
Comments: Steam
CompanyName: Valve
FileDescription: Steam
FileVersion: 1.0.868.88
InternalName: Steam.exe
LegalCopyright: © Copyright 2000-20003 Valve Corperation
LegalTrademarks: Valve
OriginalFilename: Steam.exe
ProductName: Steam
ProductVersion: 1.0.868.88
Assembly Version: 1.0.0.0

Buzy.810 also known as:

Lionic: Trojan.Win32.Generic.4!c
FireEye: Generic.mg.e52b9425eb3c7fff
McAfee: Artemis!E52B9425EB3C
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Trojan ( 004e305f1 )
Alibaba: Trojan:MSIL/Generic.af178d7c
K7GW: Trojan ( 004e305f1 )
Cybereason: malicious.5eb3c7
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/PSW.Facebook.FT
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Buzy.810
NANO-Antivirus: Trojan.Win32.Buzy.ebahmi
MicroWorld-eScan: Gen:Variant.Buzy.810
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Ahxz
Ad-Aware: Gen:Variant.Buzy.810
Emsisoft: Gen:Variant.Buzy.810 (B)
Zillya: Trojan.Steam.Win32.1195
TrendMicro: TROJ_GEN.R002C0WJ221
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Win32.SuspectCrc
GData: Gen:Variant.Buzy.810
eGambit: Unsafe.AI_Score_97%
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.SGeneric
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
ViRobot: Trojan.Win32.S.Agent.3700738
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
BitDefenderTheta: Gen:NN.ZemsilF.34212.Ht1@a8u@jie
ALYac: Gen:Variant.Buzy.810
MAX: malware (ai score=82)
VBA32: Trojan.MSIL.gen.11
Malwarebytes: Trojan.Agent.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0WJ221
Yandex: Trojan.Agent!wxZsqCLYLss
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Generic.DN.437165!tr
Webroot: W32.Malware.Heur.Dkvt
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Buzy.810?

Buzy.810 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
