How to remove “Lazy.196822”?

The Lazy.196822 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Lazy.196822 virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Lazy.196822?


File Info:
name: B05D9E90172C9FCBF343.mlw
path: /opt/CAPEv2/storage/binaries/291eae6b9e723af1f1974e8f84cdfa62dfbcf1c95f7c8d2fa6b796e84ade53dd
crc32: B2C3C6C5
md5: b05d9e90172c9fcbf343d2836988b586
sha1: 16c22929cb9fc0e6f49aff123292f5f583226cb3
sha256: 291eae6b9e723af1f1974e8f84cdfa62dfbcf1c95f7c8d2fa6b796e84ade53dd
sha512: ff1b9f9995f8e89934e9f8e1f33ec827470ea6cfb3fad7f1ac39c22a274731053722fe7614a74286fdb01cc621a606d135e8c9767b3f6c25e29206e40b4d5065
ssdeep: 3072:yBDugqwlq8brKfZywpT2jCbx6nrvvvbWx7rlq60DKEYtn1sRQW:yBDugqwltbiyUlbxIvvvC+6GFYtuK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C345F41EB975F2DFD38093A869E4C5763227F4221E3D73F764132188AE52D26D0EA87
sha3_384: 70d783f648206283f3369c436725a3d013bf8eb4c44f0f8ac56cf20ef928dc80b5b0e891730267ea3a0d716e55cf902a
ep_bytes: ff250020400000000000000000000000
timestamp: 2050-07-27 15:25:38

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: conver
FileVersion: 1.0.0.0
InternalName: conver.exe
LegalCopyright: Copyright ©  2020
LegalTrademarks: 
OriginalFilename: conver.exe
ProductName: conver
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Lazy.196822 also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Multi.Generic.4!c
MicroWorld-eScan	Gen:Variant.Lazy.196822
FireEye	Gen:Variant.Lazy.196822
ALYac	Gen:Variant.Lazy.196822
Cylance	Unsafe
Sangfor	Backdoor.Win32.Lazy.Vc1k
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:Win32/Generic.4fc2692c
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_60% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34698.oq0@a0H4yj
Cyren	W32/ABRisk.USZM-2479
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
TrendMicro-HouseCall	TROJ_GEN.R002C0PFQ22
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Lazy.196822
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Lazy.196822
VIPRE	Gen:Variant.Lazy.196822
TrendMicro	TROJ_GEN.R002C0PFQ22
McAfee-GW-Edition	RDN/Generic BackDoor
Sophos	Mal/Generic-S (PUA)
Ikarus	Trojan.MSIL.Crypt
Avira	HEUR/AGEN.1236560
Antiy-AVL	Trojan/Generic.ASMalwS.4AD6
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Lazy.196822
Google	Detected
AhnLab-V3	Trojan/Win.BackDoor.C5201113
McAfee	RDN/Generic BackDoor
MAX	malware (ai score=83)
APEX	Malicious
Rising	Backdoor.SpyGate!8.E154 (CLOUD)
Fortinet	PossibleThreat
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/Agent.TV

How to remove Lazy.196822?

Lazy.196822 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X