Razy.600165 removal

The Razy.600165 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.600165 virus can do?

Executable code extraction
Creates RWX memory
Expresses interest in specific running processes
The binary likely contains encrypted or compressed data.
Checks for the presence of known windows from debuggers and forensic tools
Tries to unhook or modify Windows functions monitored by Cuckoo
The following process appear to have been packed with Themida: 06D548AF128F335E0CE13A8E8DD1FCF0.mlw
Network activity detected but not expressed in API logs
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Razy.600165?


File Info:
crc32: 611A6E99
md5: 06d548af128f335e0ce13a8e8dd1fcf0
name: 06D548AF128F335E0CE13A8E8DD1FCF0.mlw
sha1: 82c669ebd2f2b378fcccfa85b7b4b48ff33498bc
sha256: f86ade6b016aa96bdb40c459b7b3cb413680b891d4436ffa8acc25fa03f0eba0
sha512: e41527bfe1f7efbd0f97d135c6aeea11afc605fd922700cd59c16f9e6b1cf06c8f2bc485ef35998f7143e594c107c67d3d3ac46f8979ce986ae9db63f2adf76a
ssdeep: 49152:QsccgSduy+/UVEXk3SbGrM/SOnMNJfcBiNQD:Qs8uGbGroSAM/0BiNQD
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (c) 2015-2021 Exodus Movement, Inc.
InternalName: Exodus
OriginalFileName:  
FileVersion: 21.8.13
CompanyName: Exodus Movement Inc
SquirrelAwareVersion: 1
ProductName: Exodus
ProductVersion: 21.8.13
FileDescription: Exodus
OriginalFilename: Exodus.exe
Translation: 0x0409 0x04b0

Razy.600165 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen3.2177
ALYac	Gen:Variant.Razy.600165
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Packed:Win32/Themida.46772e7f
K7GW	Trojan ( 0057f7f31 )
K7AntiVirus	Trojan ( 0057f7f31 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.Themida.HKZ
APEX	Malicious
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.MSIL.Reline.frc
BitDefender	Gen:Variant.Razy.600165
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan	Gen:Variant.Razy.600165
Ad-Aware	Gen:Variant.Razy.600165
Sophos	Mal/Generic-R
BitDefenderTheta	Gen:NN.ZexaF.34088.1H0@aOpmabgi
TrendMicro	TROJ_GEN.R002C0WHF21
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.06d548af128f335e
Emsisoft	Gen:Variant.Razy.600165 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Generic.bkcsi
Avira	TR/Crypt.XPACK.Gen
eGambit	Unsafe.AI_Score_63%
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Microsoft	Trojan:Win32/Glupteba!ml
Gridinsoft	Trojan.Heur!.032100A1
Arcabit	Trojan.Razy.D92865
GData	Gen:Variant.Razy.600165
AhnLab-V3	Trojan/Win.Reputation.R432769
Acronis	suspicious
McAfee	Artemis!06D548AF128F
MAX	malware (ai score=84)
VBA32	BScope.TrojanPSW.Agent
TrendMicro-HouseCall	TROJ_GEN.R002C0WHF21
Rising	Trojan.Generic@ML.92 (RDML:uC4+9GdISuMOvmV+aQUOvg)
Ikarus	Trojan.Win32.Themida
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PackedThemida.HXI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Generic.HgIASaYA

How to remove Razy.600165?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.