How to remove “Symmi.73802 (B)”?

The Symmi.73802 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Symmi.73802 (B) virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Symmi.73802 (B)?


File Info:
name: 457B70DD2B4D5BEEB9C9.mlw
path: /opt/CAPEv2/storage/binaries/4802b20dca91aad4b5e61a3106e73f40dce4ff1ce6c61b742e42e58ff1f70205
crc32: 79C3F7A1
md5: 457b70dd2b4d5beeb9c9bf62b8dd36b8
sha1: 0a91f1586f98eacb4aef94981afb43861d7bfa20
sha256: 4802b20dca91aad4b5e61a3106e73f40dce4ff1ce6c61b742e42e58ff1f70205
sha512: 2c2ced93037a91938d9b4518624bb9187848976ea161f5881682de84709aaf5e303608455823905db653d8cac67ddb26766ae1ce2205c20f65d2c079cebed8cc
ssdeep: 768:HzN+AoaTcN0B0u37GmGHqn3kBJro7NQRdbJ:HhUqO0qurHNn3kOQRdl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T197236B517542C03ACC8A527C41FCD721566EBC501BA146DB73E83BEE9E353D0AE3A38A
sha3_384: 98e21dc2316cf6d58eab201568fad4b96396392465703429dba257f05a1a08afac3ed047e8b5ff65c0db0e4ee2057744
ep_bytes: e845180000e919feffffcccccccccc3b
timestamp: 2009-12-04 13:35:59

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft (R) HTML Application host
FileVersion: 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
InternalName: MSHTA.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSHTA.EXE
ProductName: Windows® Internet Explorer
ProductVersion: 8.00.6001.18702
Translation: 0x0409 0x04b0

Symmi.73802 (B) also known as:

Lionic	Virus.Win32.Virut.lwMB
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Symmi.73802
FireEye	Generic.mg.457b70dd2b4d5bee
McAfee	Artemis!457B70DD2B4D
Cybereason	malicious.d2b4d5
BitDefenderTheta	Gen:NN.ZexaF.34606.cu0@aalT1qki
Cyren	W32/Virut.U.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Symmi.73802
Avast	Win32:Virtu-F [Inf]
Tencent	Win32.Trojan.Barys.Pcjb
Ad-Aware	Gen:Variant.Symmi.73802
Sophos	Generic ML PUA (PUA)
VIPRE	Gen:Variant.Symmi.73802
McAfee-GW-Edition	Artemis
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Symmi.73802 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Symmi.73802
Google	Detected
MAX	malware (ai score=100)
Arcabit	Trojan.Symmi.D1204A
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Symmi.73802
Malwarebytes	Malware.Heuristic.1001
Rising	Trojan.Generic@AI.86 (RDMK:cmRtazowhk2ju7q/Q3DP4Ex//Y15)
Fortinet	W32/CoinMiner.F
AVG	Win32:Virtu-F [Inf]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Symmi.73802 (B)?

Symmi.73802 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X