Razy.652743 removal instructions

Razy.652743 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Razy.652743 virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Collects information about installed applications
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Uses suspicious command line tools or Windows utilities

Related domains:


How to identify Razy.652743?


File Info:

crc32: 1650FF58
md5: 4df9800848ffbafc6b6aea07b7cf73e6
name: 1.bin
sha1: 102f17f8e45823fa4ec9d321b4a59ce5d493f426
sha256: 8b25ed0db0c37708ccae9899fbe2cddcae20dd5b2a8e1eade0809a8b0ef91432
sha512: 59e5cfb9361b7b398bfa099e6150e7d868173efaf61c0b581be696fe4a9a0cbb57bd6695621bd9a752e5d0558430fdd96846d06870152342c5e71ec3fc0849a1
ssdeep: 3072:mzFiBQolia2GZMCNVit74mxq9qxCm1noL+qPDhauJargYlPN6hZL/aK9MC:FRiaBZMCNVip4ms9qL1ojDUuJa5eiK9
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Razy.652743 also known as:

Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Gen:Variant.Razy.652743
FireEye: Gen:Variant.Razy.652743
McAfee: GenericRXLQ-GE!4DF9800848FF
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Spyware ( 005677bc1 )
BitDefender: Gen:Variant.Razy.652743
K7GW: Spyware ( 005677bc1 )
CrowdStrike: win/malicious_confidence_60% (W)
TrendMicro: TROJ_GEN.R002C0WHB20
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: HEUR:Trojan.Win32.Zudochka.vho
Alibaba: TrojanSpy:Win32/Zudochka.461b105d
ViRobot: Trojan.Win32.Z.Agent.181248.YB
Rising: Spyware.Agent!8.C6 (CLOUD)
Ad-Aware: Gen:Variant.Razy.652743
Comodo: .UnclassifiedMalware@0
F-Secure: Trojan.TR/Crypt.XPACK.Gen8
DrWeb: Trojan.PWS.Steam.18394
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
Fortinet: W32/Agent.PYJ!tr.spy
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.Win32.Agent
Jiangmin: Trojan.Zudochka.ha
Avira: TR/Crypt.XPACK.Gen8
MAX: malware (ai score=89)
Arcabit: Trojan.Razy.D9F5C7
Microsoft: PUA:Win32/Vigua.A
Cynet: Malicious (score: 85)
BitDefenderTheta: Gen:NN.ZexaF.34152.lqW@au33GIi
ALYac: Gen:Variant.Razy.652743
VBA32: BScope.Trojan.Zudochka
Malwarebytes: Trojan.PasswordStealer
ESET-NOD32: a variant of Win32/Spy.Agent.PYJ
TrendMicro-HouseCall: TROJ_GEN.R002C0WHB20
Tencent: Win32.Trojan.Zudochka.Pikn
eGambit: Unsafe.AI_Score_99%
GData: Gen:Variant.Razy.652743
AVG: Win32:Trojan-gen
Cybereason: malicious.848ffb
Qihoo-360: Win32/Trojan.22e

How to remove Razy.652743?

Razy.652743 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
