Razy.790951 (B) removal guide

Razy.790951 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.790951 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • CAPE detected the Fareit malware family
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

How to identify Razy.790951 (B)?

File Info:

name: ECDBD9F4444A8C78FC66.mlw
path: /opt/CAPEv2/storage/binaries/32cb5f5babf3d4a57ea935d318aff525233b7df785a8f168f9f5bbb9486911cc
crc32: DB621DB8
md5: ecdbd9f4444a8c78fc6681b09c6fbe4a
sha1: 8b847b86e78da21cfc1de78afbbcbf9548d6f606
sha256: 32cb5f5babf3d4a57ea935d318aff525233b7df785a8f168f9f5bbb9486911cc
sha512: 945c89569a94e5b575af39bbbeaa9c5437952db6efe3412407658b5baaec139901ac25cac945697960397b03a9bdec60938deb52b89444df7917cf2c1144f677
ssdeep: 3072:+PAAwpl6vFfKQYiYOaRSRBMENXPQO08OlztCFs4nhiFkRcOYnlZi:+PAAelEFfRJGm14O08Mws4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15AD3D055327008E3FD6662F9CA9BDE4623C42B594705D65F31DAEF0B9EA21F0EB22407
sha3_384: b78b4c6a2dda15eed5750b8431c2d5b08afcd481be90485ac7532d02d84ecd5ad294ae53730a72b99b38f0ed1e501fa5
ep_bytes: 558bec5568df19400068a0124000c35d
timestamp: 2013-04-03 13:00:43

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Напоминания Windows OOBE
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
InternalName: OOBEBALN.EXE
Translation: 0x0419 0x04b0

Razy.790951 (B) also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.lWBM
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ecdbd9f4444a8c78
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot-FATG!ECDBD9F4444A
Cylance: Unsafe
Zillya: Trojan.ZBotGen.Win32.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f0ce1 )
Alibaba: Trojan:Win32/Bulta.4ccf6c1d
K7GW: Trojan-Downloader ( 0040f0ce1 )
Cybereason: malicious.4444a8
VirIT: Trojan.Win32.Agent.BWB
Symantec: Backdoor.Trojan
ESET-NOD32: a variant of Win32/Kryptik.AXWR
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Zbot-7671065-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.790951
NANO-Antivirus: Trojan.Win32.Stealer.cqpjaf
SUPERAntiSpyware: Trojan.Agent/Gen-Fareit
MicroWorld-eScan: Gen:Variant.Razy.790951
Avast: Win32:LockScreen-AAV [Trj]
Tencent: Malware.Win32.Gencirc.114d4a01
Ad-Aware: Gen:Variant.Razy.790951
Sophos: Mal/Generic-R + Mal/ZAccess-CG
Comodo: Application.Win32.LoadMoney.ZED@6e0wcr
DrWeb: Trojan.PWS.Stealer.1932
VIPRE: Trojan.Win32.Zbot.m (v)
TrendMicro: TROJ_SPNR.0BDA13
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Emsisoft: Gen:Variant.Razy.790951 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.790951
Jiangmin: Trojan/Generic.bgfnc
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.136EAA
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Fareit
AhnLab-V3: Trojan/Win32.Zbot.R59686
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34212.iq0@aOEciJyc
ALYac: Gen:Variant.Razy.790951
TACHYON: Trojan/W32.Agent.136704.XB
VBA32: BScope.Malware-Cryptor.SB.01798
Malwarebytes: Malware.AI.693616844
TrendMicro-HouseCall: TROJ_SPNR.0BDA13
Rising: Trojan.Agent!1.6836 (CLOUD)
Ikarus: Trojan-PWS.Win32.Fareit
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.APRF!tr
AVG: Win32:LockScreen-AAV [Trj]
Panda: Trj/Hexas.HEU
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Razy.790951 (B)?

Razy.790951 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.