Razy.168914 (B) removal guide

The Razy.168914 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Razy.168914 (B) virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Razy.168914 (B)?


File Info:
name: A2E9AB4BF584956CD1E2.mlw
path: /opt/CAPEv2/storage/binaries/661228b3adea4da913ea820d963a3ee7bb2f14732e461be5dcb629607d2005c5
crc32: A0888E3A
md5: a2e9ab4bf584956cd1e2e75bbc8c97c2
sha1: 879ed3f3d4fd3d512e281d5e3bcfdf79c92dc801
sha256: 661228b3adea4da913ea820d963a3ee7bb2f14732e461be5dcb629607d2005c5
sha512: 5ca781b036d30dd5ddcf2a0bbd2da226fadaafd98150aeeb12fc2334684586e3e18db6eef6c546f8efb8ff45125e3992efeec0c99ffa23306939db2a7f6ed32a
ssdeep: 3072:hXAVM8enRnF7+rLgftU7W2FqBao4HlmV6/m5Pqi7SLWNhELl/JevbRcMyZmZ6Vno:hX97+X0QW2k4F8i0hESTeMya6VR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DB447B1A7252D876E0640030456777B2CAF8AC321C196757E784FE2F7D362D2EF29B86
sha3_384: e2ea0e59add4f355f390ff9c470e734308aff39b4bcca294487766525f68a99e6ae74ed7a6f2b35e594fea7cbb9e58f0
ep_bytes: e80a000000e964eaffff90909090908b
timestamp: 2000-10-14 20:04:48

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows Task Manager
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: taskmgr
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: taskmgr.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Razy.168914 (B) also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.168914
FireEye	Generic.mg.a2e9ab4bf584956c
McAfee	Artemis!A2E9AB4BF584
Cylance	Unsafe
Sangfor	Trojan.Win32.Occamy.C
Alibaba	Trojan:Win32/Virut.9ef7e7ab
Cybereason	malicious.bf5849
BitDefenderTheta	Gen:NN.ZexaF.34084.pq2@aqnyA2ci
Cyren	W32/S-a39c9901!Eldorado
Symantec	ML.Attribute.HighConfidence
Paloalto	generic.ml
BitDefender	Gen:Variant.Razy.168914
Avast	Win32:Virut-ANS
Ad-Aware	Gen:Variant.Razy.168914
Sophos	Mal/Generic-S
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Virutrem.dh
Emsisoft	Gen:Variant.Razy.168914 (B)
Ikarus	Trojan.Patched
GData	Gen:Variant.Razy.168914
Avira	TR/Patched.Ren.Gen
Microsoft	Trojan:Win32/Occamy.C66
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Razy.168914
MAX	malware (ai score=86)
Malwarebytes	Malware.AI.3731372258
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic.AC.24FA!tr
AVG	Win32:Virut-ANS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Razy.168914 (B)?

Razy.168914 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X