Should I remove “TrojanDownloader:Win32/Andromeda!pz”?

The TrojanDownloader:Win32/Andromeda!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader:Win32/Andromeda!pz virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine TrojanDownloader:Win32/Andromeda!pz?


File Info:
name: 0FF1FB79F0222B5F4414.mlw
path: /opt/CAPEv2/storage/binaries/070d5c46ef96df17c1e7ad78501207db500a0d58f06d0757bc5af37b7658d228
crc32: 0D2FE55D
md5: 0ff1fb79f0222b5f4414af9c2999ca4b
sha1: 25dac625346db53496ac5c9937993c37e2234e6a
sha256: 070d5c46ef96df17c1e7ad78501207db500a0d58f06d0757bc5af37b7658d228
sha512: efede7d6c37bdd6a8bff9a3922b2b13a6cefcdfdcce8b53bf3dbc31a50c6940f18775c0b4f3959228f192a4b23dd71004543c2acc8bcb77cc0429cf7bc58db2d
ssdeep: 96:nEY2RrF1eqwi4tjnP4/4+7KQEdfF3VmUmpfX:EHRh1epp5nA/4+7Kn9JV4
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1F0C11F83E2574A53FD0407B99E0F888B68EF982BFDB01955F1CC0B10799808C7BEAD95
sha3_384: 56b2ae917a6e593de8002dd8feb16aa171be4d41f414934bc898fce0a21e36529b25d4c0aa6bf67e5053403086b83571
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2013-05-23 11:25:12

Version Info:
0: [No Data]

TrojanDownloader:Win32/Andromeda!pz also known as:

Bkav	W32.FamVT.DebrisA.Worm
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.0ff1fb79f0222b5f
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	BehavesLike.Win32.Worm.xz
McAfee	W32/Worm-FKH!0FF1FB79F022
Malwarebytes	Bundpil.Worm.AutoRun.DDS
VIPRE	Gen:Variant.Barys.63208
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 0040f7ba1 )
K7GW	Trojan ( 0040f7ba1 )
CrowdStrike	win/malicious_confidence_100% (D)
Arcabit	Trojan.Barys.DF6E8
Baidu	Win32.Worm.Bundpil.an
VirIT	Worm.Win32.Generic.FXU
Symantec	Downloader
tehtris	Generic.Malware
ESET-NOD32	Win32/Bundpil.AH
APEX	Malicious
ClamAV	Win.Adware.Downware-493
Kaspersky	Worm.Win32.Debris.h
BitDefender	Gen:Variant.Barys.63208
NANO-Antivirus	Trojan.Win32.Debris.cssocy
MicroWorld-eScan	Gen:Variant.Barys.63208
Avast	Win32:Debris-A [Wrm]
TACHYON	Worm/W32.Debris.6146.B
Emsisoft	Gen:Variant.Barys.63208 (B)
F-Secure	Worm.WORM/Debris.J.1
DrWeb	Worm.Siggen.12242
Zillya	Worm.DebrisGen.Win32.1
TrendMicro	WORM_GAMARUE.SMA
Trapmine	malicious.high.ml.score
Sophos	Troj/Agent-ACCV
Ikarus	Worm.Win32.Debris
Jiangmin	Worm/Debris.a
Webroot	W32.Worm.Gen
Google	Detected
Avira	WORM/Debris.J.1
Antiy-AVL	Worm/Win32.Debris
Kingsoft	malware.kb.a.998
Xcitium	Worm.Win32.Bundpil.AH@4yjufs
Microsoft	TrojanDownloader:Win32/Andromeda!pz
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
ZoneAlarm	Worm.Win32.Debris.h
GData	Gen:Variant.Barys.63208
Varist	W32/Csyr.B.gen!Eldorado
AhnLab-V3	Worm/Win32.Debris.R68969
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZedlaF.36744.aq5@aWbSzHn
MAX	malware (ai score=89)
VBA32	Worm.Gamarue
Cylance	unsafe
Panda	W32/Autorun.KAB.worm
TrendMicro-HouseCall	WORM_GAMARUE.SMA
Rising	Worm.Gamarue!1.9CB3 (CLASSIC)
Yandex	Trojan.GenAsa!BiSnwDyq9yo
SentinelOne	Static AI – Malicious PE
MaxSecure	Worm.Debris.k
Fortinet	W32/Agent.AF!worm
AVG	Win32:Debris-A [Wrm]
DeepInstinct	MALICIOUS

How to remove TrojanDownloader:Win32/Andromeda!pz?

TrojanDownloader:Win32/Andromeda!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X