Symmi.185 (B) removal tips

The Symmi.185 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Symmi.185 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Symmi.185 (B)?

File Info:

name: 0206F64D5252CD853993.mlw
path: /opt/CAPEv2/storage/binaries/8132007c9d2b67755b05bcfc532b4156a3ae55dfd2347e68acf64002ffdc29ba
crc32: 2CF71C86
md5: 0206f64d5252cd8539939c3ee1b3ed15
sha1: 4ad3e40ac3fc199084585b73b7a208c616496a2f
sha256: 8132007c9d2b67755b05bcfc532b4156a3ae55dfd2347e68acf64002ffdc29ba
sha512: 0a3a5d0f90bc261a1d2901663fa484d4981064272f0880022beaf903a77e51c04718eedfc00e289336110a6c447d57442bc54c4cbca6268186cce22385806e75
ssdeep: 3072:DhPBdjsROnFXS5yIuSP9lqVinU3bp/PTm2moJ6CwA+GABMndgIqPz:DhJdQ7PnqVinU3bw2moJ6BAdgnr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C34722563C0B73DEC24CBF9684C4390896BD93729D16C17E6C29747B6A2D27F6203A7
sha3_384: 928a4668fb8973f0d71da86e1f873439626f6256801be5d1653613e73e2f7738789f490768a36f05afb6b89a98fcf121
ep_bytes: 68b4494000e8f0ffffff000000000000
timestamp: 2012-05-22 22:09:54

Version Info:

Translation: 0x0409 0x04b0
Comments: opj45345h546
CompanyName: asdg3453456456
FileDescription: i435j346456sd
LegalCopyright: asdf2354345456
LegalTrademarks: sadf35345sdsd
ProductName: sad2343254aaaa
FileVersion: 4.07.0001
ProductVersion: 4.07.0001
InternalName: fvecos
OriginalFilename: fvecos.exe

Symmi.185 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.VbCrypt.60
MicroWorld-eScan: Gen:Variant.Symmi.185
FireEye: Generic.mg.0206f64d5252cd85
CAT-QuickHeal: Trojan.Beebone.D
McAfee: VBObfus.ek
Cylance: Unsafe
Sangfor: [MICROSOFT VISUAL BASIC V6.0]
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.d5252c
BitDefenderTheta: Gen:NN.ZevbaF.34742.pm0@ae!WGApi
VirIT: Trojan.Win32.Zyx.KS
Cyren: W32/Vobfus.BE.gen!Eldorado
ESET-NOD32: Win32/Pronny.AT
TrendMicro-HouseCall: WORM_VOBFUS.SM01
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.erzg
BitDefender: Gen:Variant.Symmi.185
NANO-Antivirus: Trojan.Win32.VB.ccwqss
SUPERAntiSpyware: Trojan.Agent/Gen-Faker
Avast: Win32:Agent-AZYN [Trj]
Rising: Worm.VobfusEx!1.99DC (CLASSIC)
Ad-Aware: Gen:Variant.Symmi.185
Emsisoft: Gen:Variant.Symmi.185 (B)
Comodo: TrojWare.Win32.VB.AVA@4paxk7
F-Secure: Trojan.TR/Dropper.Gen5
Baidu: Win32.Worm.Pronny.d
TrendMicro: WORM_VOBFUS.SM01
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
SentinelOne: Static AI – Malicious PE
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A + W32/AutoRun-BXJ
Ikarus: Worm.Win32.Vobfus
GData: Gen:Variant.Symmi.185
Avira: TR/Dropper.Gen5
Arcabit: Trojan.Symmi.185
ViRobot: Worm.Win32.A.WBNA.249856.AQ
ZoneAlarm: Worm.Win32.Vobfus.erzg
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.WBNA.R26292
Acronis: suspicious
VBA32: BScope.Trojan.VB.Onechki
ALYac: Gen:Variant.Symmi.185
TACHYON: Worm/W32.Vobfus.249856.B
Malwarebytes: Vobfus.Worm.Evasion.DDS
APEX: Malicious
Tencent: Worm.Win32.Vobfus.n
Yandex: Trojan.GenAsa!bpPPm4EqFNw
MAX: malware (ai score=89)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
AVG: Win32:Agent-AZYN [Trj]
Panda: W32/Vobfus.GEP.worm
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Symmi.185 (B)?

Symmi.185 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.