Should I remove “TrojanDownloader:Win32/Berbew!pz”?

The TrojanDownloader:Win32/Berbew!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader:Win32/Berbew!pz virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine TrojanDownloader:Win32/Berbew!pz?


File Info:
name: 48AA7404086FA5347414.mlw
path: /opt/CAPEv2/storage/binaries/663cdda129c026a6c0e57440a3b7691513f9a9be64d121bb447855a09c10bc87
crc32: FD3DE6C1
md5: 48aa7404086fa5347414613d9a817395
sha1: 9031e0f46dde75a6d7257512981dd75c6b37c474
sha256: 663cdda129c026a6c0e57440a3b7691513f9a9be64d121bb447855a09c10bc87
sha512: 30e009933192eb9abfa236405183fc54101352eb3f0d4912649c2699a2d4947f5716b23ba7df7911720aa73685b6266fd0aa446add2981eae02f39954ef180ce
ssdeep: 3072:ywNgEzjN+ZjigHxWBpzLSJdEN0s4WE+3:ysgAN+ZjQ5eENm+3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14B44AE9773E51F33C5BE0EB02F0AC5A79A18B1B8D27B85814C9CB11E1316BB5C27B694
sha3_384: ad426c81d33d5a95cb6657601c02ca9c1b85aad265c73b1f977468d17095caf59402006dba6ede9ce8301417dcf58efc
ep_bytes: 00000000000000000000000000000000
timestamp: 2017-10-15 03:39:59

Version Info:
0: [No Data]

TrojanDownloader:Win32/Berbew!pz also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKDZ.104931
FireEye	Generic.mg.48aa7404086fa534
Skyhigh	BehavesLike.Win32.Generic.dz
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Trojan.GenericKDZ.104931
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.46dde7
Arcabit	Trojan.Generic.D199E3
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Qukart-10012701-0
Kaspersky	HEUR:Trojan-Proxy.Win32.Qukart.pef
BitDefender	Trojan.GenericKDZ.104931
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Backdoor.Win32.Padodor.kg
Sophos	ML/PE-A
F-Secure	Trojan.TR/Crypt.ZPACK.Gen2
DrWeb	BackDoor.HangUp.5
TrendMicro	TROJ_GEN.R03BC0DAL24
Emsisoft	Trojan.GenericKDZ.104931 (B)
Ikarus	Trojan-Downloader.Win32.Berbew
Jiangmin	Backdoor.Padodor.etfh
Varist	W32/Agent.FTI.gen!Eldorado
Avira	TR/Crypt.ZPACK.Gen2
Kingsoft	malware.kb.a.933
Microsoft	TrojanDownloader:Win32/Berbew!pz
ZoneAlarm	HEUR:Trojan-Proxy.Win32.Qukart.pef
GData	Trojan.GenericKDZ.104931
Google	Detected
ALYac	Trojan.GenericKDZ.104931
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R03BC0DAL24
Rising	Backdoor.Berbew!1.AF13 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Qukart.HTI!tr
AVG	Win32:BackdoorX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove TrojanDownloader:Win32/Berbew!pz?

TrojanDownloader:Win32/Berbew!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X