How to remove “Symmi.22722 (B)”?

Many security experts consider Symmi.22722 (B) dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Symmi.22722 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to identify Symmi.22722 (B)?

File Info:

name: E8AF460F99465FD3C528.mlw
path: /opt/CAPEv2/storage/binaries/c5bd5d12b2af167d4c305118f30d16ce0010b60c93cd6d9c19b07af8753b65c7
crc32: CBA58720
md5: e8af460f99465fd3c52812089a1c80f1
sha1: 11ec0dcf736d72a7658b3a34c1c5524cf7a9b8f3
sha256: c5bd5d12b2af167d4c305118f30d16ce0010b60c93cd6d9c19b07af8753b65c7
sha512: 01c8f857f5d5cb6f288b0000b58ea4ae924017a7896750baee85d70c98ae417a37f3352b279b2af22a985ab6c5dcb84f78be0ae8b27e619abaee8ce075db6ed7
ssdeep: 6144:CQiBRyhvJNAyOoRSJxR02HtBeYS9k3aIDEJ4P411eMGbqzgMBXEd37vOBYaux:ClgNQ3H+k3aIYWSQbaBXaCu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T152946C24B5D3B0F6D677A4F00B56D732C4A13035A1F0A683E5812A5CE935BFBDA2634B
sha3_384: e63519650808857dc3e3b28bdf4c5602c0dc96679c2ee8b5282ac178080bf7388a008a44f7419bcebb28a02ba784bdb1
ep_bytes: e88e810000e978feffff5064ff350000
timestamp: 2014-07-24 05:34:13

Version Info:

0: [No Data]

Symmi.22722 (B) also known as:

Bkav: W32.AIDetect.malware2
Cynet: Malicious (score: 100)
FireEye: Generic.mg.e8af460f99465fd3
CAT-QuickHeal: Trojan.Dynamer.AC3
McAfee: Trojan-FEMT!E8AF460F9946
Malwarebytes: Trojan.Zbot.WHE
VIPRE: Gen:Variant.Symmi.22722
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004cb2771 )
K7GW: Trojan ( 004cb2771 )
Cybereason: malicious.f99465
Cyren: W32/Wonton.B.gen!Eldorado
Symantec: Downloader.Upatre!g15
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.VNC
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.22722
NANO-Antivirus: Trojan.Win32.PEF.dfdvrm
MicroWorld-eScan: Gen:Variant.Symmi.22722
Avast: Win32:Downloader-TLD [Trj]
Tencent: Win32.Trojan.Generic.Amcl
Ad-Aware: Gen:Variant.Symmi.22722
Emsisoft: Gen:Variant.Symmi.22722 (B)
Comodo: Malware@#23e03ccbmn2di
F-Secure: Trojan.TR/Nivdort.Gen2
DrWeb: Trojan.DownLoader11.33079
Zillya: Trojan.Generic.Win32.1303919
TrendMicro: TSPY_NIVDORT.SMB
McAfee-GW-Edition: Trojan-FEMT!E8AF460F9946
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Wonton-FE
SentinelOne: Static AI – Suspicious PE
Avira: TR/Nivdort.Gen2
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: TrojanSpy:Win32/Nivdort.BW
Arcabit: Trojan.Symmi.D58C2
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Symmi.22722
AhnLab-V3: Worm/Win32.Autorun.C337723
VBA32: BScope.Trojan.Bayrob
ALYac: Gen:Variant.Symmi.22722
MAX: malware (ai score=84)
Cylance: Unsafe
TrendMicro-HouseCall: TSPY_NIVDORT.SMB
Rising: Trojan.Agent!1.C1BB (CLASSIC)
Ikarus: Trojan-Spy.Win32.Nivdort
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Wonton.FE!tr
BitDefenderTheta: Gen:NN.ZexaF.34786.AmW@aW3KP!e
AVG: Win32:Downloader-TLD [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Symmi.22722 (B)?

Symmi.22722 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
