Should I remove "Razy.705124"?

The Razy.705124 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.705124 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Drops a binary and executes it
Performs some HTTP requests
Unconventionial language used in binary resources: Turkish
The binary likely contains encrypted or compressed data.
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

xred.mooo.com

freedns.afraid.org

ocsp.pki.goog

How to determine Razy.705124?


File Info:
crc32: 2252269B
md5: 57c1ea4d5a28a4ddeed9cb00f6b81334
name: 57C1EA4D5A28A4DDEED9CB00F6B81334.mlw
sha1: cc96fe4d57dfc2788e714b0c921f24b7700d5f48
sha256: 3c496f04c7646b833a3f0af2b827bce859f85969d83ab5bfb52adea9c2237bc4
sha512: 8410234f7d455d59c9a52b90cc95a420c82b65876b72d02b001d2ab8b5e3b1b9eb538dd6fa1bc430a172b7e7ac75464ed50370d0a1ce5aa5a3af06555157459a
ssdeep: 24576:p1Z4RscUgrdv0qTrO8LiAclb3a0Af7EecLc7Il+U/2p62brk3bltd:XZ7cF0qa8L2MzEegkIl+lprHOrd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 
InternalName: 
FileVersion: 1.0.0.4
CompanyName: Synaptics
LegalTrademarks: 
Comments: 
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
FileDescription: Synaptics Pointing Device Driver
OriginalFilename: 
Translation: 0x041f 0x04e6

Razy.705124 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005239691 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Razy.705124
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 0057543a1 )
Cybereason	malicious.d5a28a
Cyren	W32/Trojan.JCNQ-3293
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.G suspicious
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Backdoor.Win32.Farfli.bwar
BitDefender	Gen:Variant.Razy.705124
MicroWorld-eScan	Gen:Variant.Razy.705124
Ad-Aware	Gen:Variant.Razy.705124
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Amtar.KNB@4wlm66
BitDefenderTheta	Gen:NN.ZexaF.34770.Ev0@aaICcniH
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
FireEye	Generic.mg.57c1ea4d5a28a4dd
Emsisoft	Gen:Variant.Razy.705124 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1135156
eGambit	Unsafe.AI_Score_100%
Microsoft	Program:Win32/Wacapew.C!ml
Gridinsoft	Trojan.Heur!.03010121
Arcabit	Trojan.Razy.DAC264
GData	Win32.Application.PUPStudio.A
AhnLab-V3	Malware/Win.Generic.C4537607
Acronis	suspicious
McAfee	Artemis!57C1EA4D5A28
MAX	malware (ai score=82)
Malwarebytes	Lamer.Virus.FileInfector.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R005H09FR21
Rising	Trojan.Generic@ML.100 (RDML:j7l3fOox00+GKQvJlU0Zgg)
Yandex	Trojan.GenAsa!oSg9Hu4ydds
Ikarus	PUA.NoobyProtect
MaxSecure	Dropper.Dinwod.frindll
Fortinet	Riskware/Farfli
AVG	Win32:Malware-gen
Qihoo-360	Win32/Trojan.Generic.HgIASXUA

How to remove Razy.705124?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Razy.705124”?