Malware

Tedy.148375 removal tips

Malware Removal

The Tedy.148375 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Tedy.148375 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to determine Tedy.148375?


File Info:

name: 49D61F00B4BC80A29106.mlw
path: /opt/CAPEv2/storage/binaries/0510418d5faa80313765bf65b7e564490edf52a3c0873ae82461da472be53889
crc32: E589F5D9
md5: 49d61f00b4bc80a29106d5758bccbfc9
sha1: 9c0e405a3ecf93fe77ac5f420aeb9337693343c7
sha256: 0510418d5faa80313765bf65b7e564490edf52a3c0873ae82461da472be53889
sha512: 73687368f26184a81255d38622688ce28cd60bc39dbef9df505262f63741d6381d85d99506073666821f702833a956b5720041d17118b636b072bb823663e679
ssdeep: 3072:F1NjcVVnLpPumAwb22Fjyv41JGLKM3sXKMx7G7W6eHwZceBXHrBxtGR:nNeZDz+w3INXS+XL8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D9E3F1407264C8B2D8B70F3282BD4A731AFBEE2114B58A4F1751729E7E713C2661DF92
sha3_384: 779a40f3f12e9caa1038fc0c6e0792d7c5cdb26737848c5e7b1bdc5679294e12d185f3a1bf2e9c9484c6523dcd675fef
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 21:55:49

Version Info:

Comments: Needfuls162 bumblebees
CompanyName: afpriknings haandevendingernes
FileDescription: Rudloff Underentreprenrens238
FileVersion: 6.9.8
LegalCopyright: Afmnstrings Perplex42 WINSOMENESS
LegalTrademarks: othellokage unraked Bhlandet
ProductName: OVERRATIONALIZED Tranio Stupa Affine
Translation: 0x0409 0x04b0

Tedy.148375 also known as:

MicroWorld-eScanGen:Variant.Tedy.148375
FireEyeGen:Variant.Tedy.148375
ALYacGen:Variant.Tedy.148375
AlibabaTrojanDownloader:Win32/GuLoader.8bb9198c
Elasticmalicious (high confidence)
ESET-NOD32NSIS/Injector.ASH
Paloaltogeneric.ml
KasperskyHEUR:Trojan-Downloader.Win32.GuLoader.gen
BitDefenderGen:Variant.Tedy.148375
AvastFileRepMalware [Misc]
TencentWin32.Trojan.Falsesign.Pgdi
Ad-AwareGen:Variant.Tedy.148375
EmsisoftGen:Variant.Tedy.148375 (B)
McAfee-GW-EditionArtemis
Trapminesuspicious.low.ml.score
SophosGeneric ML PUA (PUA)
IkarusTrojan.NSIS.Agent
GDataGen:Variant.Tedy.148375
MAXmalware (ai score=84)
KingsoftWin32.Troj.Undef.(kcloud)
ArcabitTrojan.Tedy.D24397
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
McAfeeArtemis!49D61F00B4BC
MalwarebytesTrojan.Dropper.NSIS
FortinetNSIS/Injector.AOW!tr
AVGFileRepMalware [Misc]
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Tedy.148375?

Tedy.148375 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment