About “TrojanDownloader:Win32/Andromeda!pz” infection

The TrojanDownloader:Win32/Andromeda!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader:Win32/Andromeda!pz virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine TrojanDownloader:Win32/Andromeda!pz?


File Info:
name: 6A94D7846FBE42F8637F.mlw
path: /opt/CAPEv2/storage/binaries/9cbc54753f1ceab5124c1eeccbbb7ab606dc0eedda70a90687f8971c55815098
crc32: 61B6ED9E
md5: 6a94d7846fbe42f8637fa59d75491bcc
sha1: 07777d98ed3cb09f4824d4ce6c28f9539e53c06b
sha256: 9cbc54753f1ceab5124c1eeccbbb7ab606dc0eedda70a90687f8971c55815098
sha512: 08c4cb6778c7315c1cb088af0fd827fe45ca123815b88be7fae1dd31ee5d37b79d0c2e39a46c169331d8669bb750135df932bfcc5dfddbe82d7f16a6d6824fa7
ssdeep: 96:nEY2RrF1eqwi41ymBOak5lN2+OiuPxwrHu+VH:EHRh1epp1EL1Oimx
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1B2D174462356CFBBEE444BF1DD5A0049F08AEC2DED794A72A3430B113AF0E9D59E5B11
sha3_384: ea7a132f3e626454abf7d9f00129dc9edfc7e221dfe88fb0b1cf8652661aab5e12c2b8b60c080ed335b186accf5647f7
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2013-05-23 11:25:12

Version Info:
0: [No Data]

TrojanDownloader:Win32/Andromeda!pz also known as:

Bkav	W32.FamVT.DebrisA.Worm
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.63208
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	BehavesLike.Win32.Worm.xz
McAfee	W32/Worm-FKH!6A94D7846FBE
Malwarebytes	Bundpil.Worm.AutoRun.DDS
VIPRE	Gen:Variant.Barys.63208
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 0040f7ba1 )
K7GW	Trojan ( 0040f7ba1 )
CrowdStrike	win/malicious_confidence_100% (D)
Baidu	Win32.Worm.Bundpil.an
VirIT	Worm.Win32.Generic.FXU
Symantec	Downloader
tehtris	Generic.Malware
ESET-NOD32	Win32/Bundpil.AH
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Adware.Downware-493
Kaspersky	Worm.Win32.Debris.h
BitDefender	Gen:Variant.Barys.63208
NANO-Antivirus	Trojan.Win32.Debris.cssocy
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Avast	Win32:Debris-A [Wrm]
Tencent	Worm.Win32.Debris.a
Sophos	Troj/Agent-ACCV
F-Secure	Worm.WORM/Debris.J.1
DrWeb	Worm.Siggen.12242
Zillya	Worm.DebrisGen.Win32.1
TrendMicro	WORM_GAMARUE.SMA
Emsisoft	Gen:Variant.Barys.63208 (B)
Ikarus	Worm.Win32.Debris
Jiangmin	Worm/Debris.a
Webroot	W32.Worm.Gen
Varist	W32/Csyr.B.gen!Eldorado
Avira	WORM/Debris.J.1
Antiy-AVL	Worm/Win32.Debris
Kingsoft	malware.kb.a.997
Microsoft	TrojanDownloader:Win32/Andromeda!pz
Xcitium	Worm.Win32.Bundpil.AH@4yjufs
Arcabit	Trojan.Barys.DF6E8
ZoneAlarm	Worm.Win32.Debris.h
GData	Gen:Variant.Barys.63208
Google	Detected
AhnLab-V3	Worm/Win32.Debris.R68969
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZedlaF.36680.aq5@aWbSzHn
ALYac	Gen:Variant.Barys.63208
TACHYON	Worm/W32.Debris.6482.B
VBA32	Worm.Gamarue
Cylance	unsafe
Panda	W32/Autorun.KAB.worm
TrendMicro-HouseCall	WORM_GAMARUE.SMA
Rising	Worm.Gamarue!1.9CB3 (CLASSIC)
Yandex	Trojan.GenAsa!BiSnwDyq9yo
SentinelOne	Static AI – Malicious PE
MaxSecure	Worm.Debris.k
Fortinet	W32/Agent.AF!worm
AVG	Win32:Debris-A [Wrm]
DeepInstinct	MALICIOUS

How to remove TrojanDownloader:Win32/Andromeda!pz?

TrojanDownloader:Win32/Andromeda!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X