Razy.757658 removal guide

Razy.757658 is the short form of the detection name Gen:Variant.Razy.757658, which several security vendors assign to this sample, and it is flagged as malicious by many others. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Razy.757658 virus do?

The following behaviours were flagged when the sample was run in an automated analysis sandbox:

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
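Four of the behaviours in the list above (removing evidence of an Internet download, creating a copy of itself, installing for autorun, dropping and executing a binary) map to artifacts an endpoint sensor records. The block below is an added example, not code from this page's author or from any vendor: it expresses those four behaviours as rules over endpoint events. The event schema (`event`, `image`, `target`, `parent_image`) and all paths are constructed for the example; only the file name appid_0000.exe comes from the Version Info block on this page.

```python
# Added example (not from the page's author): four of the behaviours listed above
# expressed as rules over endpoint telemetry. The event schema and the file paths
# are constructed for this example; only appid_0000.exe comes from the Version Info
# block on this page.
from collections import defaultdict
import ntpath

# Registry paths that give a program a run at logon (compared lower-case, backslashes kept).
AUTORUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def detect(events):
    """Return (rule, detail) pairs in event order.

    Rules: autorun_persistence (a Run/RunOnce value is written), motw_removed (the
    Zone.Identifier stream that marks an Internet download is deleted), self_copy
    (a process writes a file with its own name into another directory) and
    drop_and_execute (a process starts a file it wrote earlier).
    """
    hits = []
    written = defaultdict(set)  # creating process image -> files it wrote
    for ev in events:
        image = ev["image"].lower()
        target = ev.get("target", "").lower()
        if ev["event"] == "registry_set" and any(key in target for key in AUTORUN_KEYS):
            hits.append(("autorun_persistence", f"{image} wrote {target}"))
        elif ev["event"] == "file_delete" and target.endswith(":zone.identifier"):
            hits.append(("motw_removed", f"{image} deleted {target}"))
        elif ev["event"] == "file_create":
            written[image].add(target)
            if (ntpath.basename(target) == ntpath.basename(image)
                    and ntpath.dirname(target) != ntpath.dirname(image)):
                hits.append(("self_copy", f"{image} copied itself to {target}"))
        elif ev["event"] == "process_create":
            parent = ev["parent_image"].lower()
            if image in written[parent]:
                hits.append(("drop_and_execute", f"{parent} started its dropped file {image}"))
    return hits


# Constructed telemetry: the original download removes its mark-of-the-web, copies itself
# to the roaming profile, registers a Run value, then drops and launches a second binary.
DL = "C:\\Users\\bob\\Downloads\\appid_0000.exe"
SAMPLE_EVENTS = [
    {"event": "file_delete", "image": DL, "target": DL + ":Zone.Identifier"},
    {"event": "file_create", "image": DL, "target": "C:\\Users\\bob\\AppData\\Roaming\\appid_0000.exe"},
    {"event": "registry_set", "image": DL,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\appid_0000"},
    {"event": "file_create", "image": DL, "target": "C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe"},
    {"event": "process_create", "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe", "parent_image": DL},
    # Benign noise that must not fire: explorer starting notepad.
    {"event": "process_create", "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The remaining behaviours in the list (RWX memory, anti-virtualization checks, delaying the analysis task, reading its own image) are only visible to a sandbox or an EDR with memory and API telemetry, so host-side rules like these cover the persistence and dropper steps, not the whole list.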

How to identify Razy.757658?

File Info:

crc32: 9640F1EB
md5: 5c25fa1d83cb315c7f404e2ecd002f14
name: 5C25FA1D83CB315C7F404E2ECD002F14.mlw
sha1: 34d1e3e538b9e18a045e26318fb742cfef001470
sha256: 727feca3e4793c8083d96e1e3e435a880b4991f838648472515cca93f78c9ff8
sha512: 95054b4a6d6711b98e631cf4d0febe4259c7ff663b3385351aa965c0ab98050938e95f4c89b0963f34e0bc78256ac903212e2c8d853aa3577cbba865f43a4040
ssdeep: 24576:aTIdxW6BKaSkdJes6XiruDiz38Ju9KDA6gMHDw3DyzdyD4Lc2Nrf6u0o6v1EMxc:PHdJes6YPzsJuqDw+Qk6v1EMc
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2007
InternalName: Steam Application launcher
FileVersion: 1, 0, 0, 1
CompanyName: Valve Corporation
Comments: Steam Application launcher
ProductName: Steam Application launcher
ProductVersion: 1, 0, 0, 1
FileDescription: Steam Application launcher
OriginalFilename: appid_0000.exe
Translation: 0x0409 0x04b0
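The File Info block above is a set of file-level indicators, and the version strings show a .NET assembly dressed up as a "Steam Application launcher" from "Valve Corporation". The block below is an added example, not code from this page's author: it hashes a file with the algorithms listed in File Info and reports which of them match the indicators. ssdeep is left out because it needs a third-party binding; the `CONSTRUCTED_PE` bytes are a made-up stand-in used only so the script runs offline.

```python
# Added example (not from the page's author): hash a file and compare it with the
# indicators in the File Info block above. ssdeep is omitted because it needs a
# third-party binding; crc32 is included because the page lists it.
import hashlib
import sys
import zlib

# Indicators copied from the File Info section above (lower-cased for comparison).
KNOWN_HASHES = {
    "crc32": "9640f1eb",
    "md5": "5c25fa1d83cb315c7f404e2ecd002f14",
    "sha1": "34d1e3e538b9e18a045e26318fb742cfef001470",
    "sha256": "727feca3e4793c8083d96e1e3e435a880b4991f838648472515cca93f78c9ff8",
}


def compute_hashes(data: bytes) -> dict:
    """Return lower-case hex digests for every algorithm in KNOWN_HASHES."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_algorithms(hashes: dict, known: dict = KNOWN_HASHES) -> list:
    """Algorithms whose digest equals the known indicator. The comparison is
    case-insensitive because vendor names quote the MD5 in upper case
    (e.g. GenericRXBJ-RN!5C25FA1D83CB in the list below)."""
    return sorted(alg for alg, digest in hashes.items()
                  if alg in known and digest.lower() == known[alg].lower())


def is_pe(data: bytes) -> bool:
    """Cheap sanity check for a PE file: 'MZ' magic and a PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage_bytes(data: bytes) -> dict:
    """Everything a first-pass indicator check needs, as one dict."""
    hashes = compute_hashes(data)
    return {"is_pe": is_pe(data), "hashes": hashes, "matches": matching_algorithms(hashes)}


# Constructed stand-in for a PE file: DOS header with e_lfanew = 0x40, then a bare PE signature.
CONSTRUCTED_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else CONSTRUCTED_PE
    result = triage_bytes(data)
    print("PE file:", result["is_pe"])
    for alg, digest in result["hashes"].items():
        print(f"{alg}: {digest}")
    print("matches known indicators:", result["matches"] or "none")
```

Run it as `python triage.py suspicious.exe`; a match on any of the four exact hashes identifies this specific sample, while a miss says nothing about repacked variants, which is what the ssdeep value and the vendors' generic signatures are for.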

Razy.757658 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen7.19547
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.757658
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.37878
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:MSIL/Kryptik.de62d628
K7GW: Trojan ( 700000121 )
K7AntiVirus: Trojan ( 700000121 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.IYI
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.757658
MicroWorld-eScan: Gen:Variant.Razy.757658
Tencent: Malware.Win32.Gencirc.10bb50d8
Ad-Aware: Gen:Variant.Razy.757658
Sophos: Mal/Generic-S
Comodo: Malware@#2bj8299i1j0m5
BitDefenderTheta: Gen:NN.ZemsilF.34670.Dn0@aicktVf
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: RANSOM_CRYPBLOCKER_GD28001A.UVPM
McAfee-GW-Edition: GenericRXBJ-RN!5C25FA1D83CB
FireEye: Generic.mg.5c25fa1d83cb315c
Emsisoft: Gen:Variant.Razy.757658 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Blocker.gvn
Avira: HEUR/AGEN.1120515
eGambit: Unsafe.AI_Score_96%
Antiy-AVL: Trojan[Ransom]/Win32.Blocker
Microsoft: Trojan:Win32/Skeeyah.A!rfn
AegisLab: Trojan.Win32.Generic.4!c
GData: Gen:Variant.Razy.757658
AhnLab-V3: Trojan/Win32.Blocker.C2014255
McAfee: GenericRXBJ-RN!5C25FA1D83CB
MAX: malware (ai score=82)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.1846047567
Panda: Trj/GdSda.A
TrendMicro-HouseCall: RANSOM_CRYPBLOCKER_GD28001A.UVPM
Rising: Ransom.Blocker!8.12A (C64:YzY0OiaAV9/BimmT)
Ikarus: Trojan.MSIL.Krypt
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: MSIL/Generic.AP.C3FA0!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HgIASOUA

How to remove Razy.757658?

Razy.757658 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

Because the sample installs itself for autorun at Windows startup, creates a copy of itself and drops a further binary (see the behaviour list above), re-scan after the restart and confirm that no unfamiliar entries remain in the startup locations before treating the system as clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.