TrojanDownloader:Win32/Berbew!pz removal guide

The TrojanDownloader:Win32/Berbew!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader:Win32/Berbew!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine TrojanDownloader:Win32/Berbew!pz?


File Info:
name: 74284FDD29B13C054628.mlw
path: /opt/CAPEv2/storage/binaries/151ebaa542f7e70b6832a5f42be948c2ee3175956caa7553a4b4762ec0b05624
crc32: 0F3C9F4B
md5: 74284fdd29b13c0546281f3e491c9ab5
sha1: c3787d2162567dc3f6b160e6550f9b4d17793237
sha256: 151ebaa542f7e70b6832a5f42be948c2ee3175956caa7553a4b4762ec0b05624
sha512: f11d593c342251eefb179f59ab1c37172df86ff2bf8f5060b283cbdaee16b23b3bf5fc4913e615d8abfcbde7e1440981203fc98a01221a8ef15b0e9d50a37539
ssdeep: 768:fRCNUYqV/hwG5jMxHPlfom4IpdtCf4N8QvMqnanmvhUKoF/1H59:fRCOhVCGZGGYpdtKFQvMqnanmvhe/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B14399B24DB07EAF927CBF6C8D537E8C090840B4B46D6FF75E878B9A264214711DC26
sha3_384: 959760ca980c9ef043afd296b1f806e0a1f162a48bb4a586b170937ebef387d04c60ba9c30bd8f3bfd773d11f0aa7a8e
ep_bytes: 00000000000000000000000000000000
timestamp: 2023-07-29 18:29:59

Version Info:
0: [No Data]

TrojanDownloader:Win32/Berbew!pz also known as:

Bkav	W32.AIDetectMalware
DrWeb	BackDoor.HangUp.46592
ClamAV	Win.Malware.Qukart-6838239-0
Skyhigh	BehavesLike.Win32.Generic.cz
McAfee	GenericRXAA-FA!74284FDD29B1
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Convagent.gen
Avast	Win32:TrojanX-gen [Trj]
F-Secure	Trojan.TR/Spy.Qukart.NB
Baidu	Win32.Trojan-Spy.Quart.a
TrendMicro	TROJ_GEN.R03BC0DAM24
Sophos	ML/PE-A
Ikarus	Trojan-Spy.Win32
GData	Win32.Trojan.Agent.4Q4P4X
Google	Detected
Avira	TR/Spy.Qukart.NB
Kingsoft	malware.kb.a.1000
Xcitium	Worm.Win32.Qukart.K@565w5t
ZoneAlarm	HEUR:Trojan.Win32.Convagent.gen
Microsoft	TrojanDownloader:Win32/Berbew!pz
Varist	W32/Kryptik.DQV.gen!Eldorado
Acronis	suspicious
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R03BC0DAM24
Rising	Backdoor.Berbew!1.AE0A (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Virus.Mabezat.Dam
Fortinet	W32/Qukart.NAJ!dam
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.162567
DeepInstinct	MALICIOUS

How to remove TrojanDownloader:Win32/Berbew!pz?

TrojanDownloader:Win32/Berbew!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X