Tedy.280521 removal tips

Many security vendors flag Tedy.280521 as dangerous. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Tedy.280521 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Tedy.280521?

File Info:

name: BA986070DEB9C30BF6DF.mlw
path: /opt/CAPEv2/storage/binaries/f829a6c2b0ba42c0cd318ac1fb8700040d7653acaab57c5e9fa082d9bec5cc0c
crc32: 0457E3A0
md5: ba986070deb9c30bf6df483a496be0cb
sha1: 367f06d3e3e090aeb38660119dd554a795d9efa8
sha256: f829a6c2b0ba42c0cd318ac1fb8700040d7653acaab57c5e9fa082d9bec5cc0c
sha512: 0b6c16f95c1aa0c0273f28fd69323085e9bc09ad958a1d9ae6fd76331821b26acfd2cdfe5426b7b753ed718654002a5ca29dc9da19d3a56bb5285401bf9dab67
ssdeep: 24576:UJ0qMKg1RWDuyjEgWIiH8XTsF439aBfNwK8K+31semcAlue2:UJ0/aDuyjEaXIFckbwK8BsQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D6523E27C56A269C7214238AB5E892ED18365747E980C3D2FDC48FD4730AE13E1E767
sha3_384: 3ffa5cc88bf850a344f99fc1268c0dc587641d4c653c93021d64170ee10e9cd2e265333666e56ccfeae56941cf254760
ep_bytes: 681b43804ae90ac0feff4fd4dce69674
timestamp: 2010-07-29 02:02:20

Version Info:

FileVersion: 2.1.1.0
FileDescription: 易语言程序
ProductName: 打码任务
ProductVersion: 2.1.1.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Tedy.280521 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.280521
McAfee: Artemis!BA986070DEB9
VIPRE: Gen:Variant.Tedy.280521
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 004b942f1 )
K7GW: Adware ( 004b942f1 )
Cyren: W32/SuspPack.BQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/FlyStudio.Packed.Q potentially unwanted
Zoner: Probably Heur.ExeHeaderL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Packed.Win32.Convagent.gen
BitDefender: Gen:Variant.Tedy.280521
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.ba986070deb9c30b
Emsisoft: Gen:Variant.Tedy.280521 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Tedy.280521
Jiangmin: Trojan/Generic.ahvo
MAX: malware (ai score=81)
Xcitium: Malware@#1tu7ssmdaanmi
Arcabit: Trojan.Tedy.D447C9
ZoneAlarm: VHO:Packed.Win32.Convagent.gen
Google: Detected
BitDefenderTheta: Gen:NN.ZexaF.36196.AD0@amPqLjeb
ALYac: Gen:Variant.Tedy.280521
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:fO8czkDDgrjmQGG9n54yOw)
Yandex: Trojan.SuspPack!N3x7uwOvCV8
MaxSecure: Dropper.Dinwod.frindll
Cybereason: malicious.3e3e09
DeepInstinct: MALICIOUS

How to remove Tedy.280521?

Tedy.280521 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.