Trojan:Win32/Barys.GMA!MTB removal tips

Trojan:Win32/Barys.GMA!MTB is classified as malicious by many security vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC malware manually may take hours and may damage your system in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the 6-day free trial.

What can Trojan:Win32/Barys.GMA!MTB do?

The indicators below come from automated (CAPE sandbox) analysis of the sample; they describe how the file is constructed rather than confirmed runtime behaviour:

  • The sample contains overlay data (bytes appended after the last PE section)
  • It reads data out of its own binary image
  • The binary contains an unknown PE section name, indicative of packing
  • The binary likely contains encrypted or compressed data
  • The Authenticode signature is invalid
  • YARA rule detections were observed on a process memory dump, dropped files or CAPE output
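
Most of these indicators are static properties of the PE file, so they can be checked without running the sample. The Python script below is an added example, not code from this page or from any vendor's tooling; it reimplements four of the checks with the standard library only: overlay detection, non-standard section names, per-section Shannon entropy as a proxy for "encrypted or compressed data", and whether an Authenticode certificate table is present at all. It runs on a constructed in-memory PE produced by build_sample_pe (not this sample); the section-name allow-list and the 7.0 bits/byte entropy threshold are assumptions of the example. It cannot validate a signature; for that, use signtool verify or PowerShell's Get-AuthenticodeSignature on the file.

```python
"""Static PE triage for overlay data, unknown section names, high-entropy
sections and a missing Authenticode certificate table.  Stdlib only."""
import math
import random
import struct

# Section names commonly emitted by MSVC/MinGW linkers (assumed allow-list);
# anything else is reported as "unknown", which is how sandbox signatures
# flag packer stubs.
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                       ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".debug",
                       ".textbss", ".rodata", ".xdata", ".gfids", ".didat"}
ENTROPY_THRESHOLD = 7.0   # bits/byte (assumed); compiled code is usually 5.5-6.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(data: bytes) -> dict:
    """Parse the PE headers by hand and return the indicators found."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = 96 if magic == 0x10B else 112          # PE32 vs PE32+
    nrva = struct.unpack_from("<I", data, opt + dd_base - 4)[0]
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY; its "RVA" is a file offset.
    cert_off, cert_size = (struct.unpack_from("<II", data, opt + dd_base + 4 * 8)
                           if nrva > 4 else (0, 0))
    findings, sections, end_of_sections = [], [], 0
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        raw_name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        ent = round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 2)
        sections.append((name, ent))
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
        if name not in KNOWN_SECTION_NAMES:
            findings.append(f"unknown section name: {name}")
        if ent >= ENTROPY_THRESHOLD:
            findings.append(f"high-entropy section: {name} ({ent})")
    # Bytes past the last section are overlay; a certificate table also lives
    # there, so it is excluded from the overlay count.
    overlay_end = cert_off if cert_size and cert_off >= end_of_sections else len(data)
    overlay_size = max(0, overlay_end - end_of_sections)
    if overlay_size:
        findings.append(f"overlay data: {overlay_size} bytes")
    if not cert_size:
        findings.append("no Authenticode certificate table")
    return {"sections": sections, "overlay_size": overlay_size,
            "has_certificate_table": bool(cert_size), "findings": findings}


def build_sample_pe(sections, overlay: bytes) -> bytes:
    """Constructed PE32 from (name, raw_bytes) pairs; raw sizes must be 0x200-aligned."""
    e_lfanew, opt_size = 0x80, 224
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)    # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes; security dir left empty
    headers, bodies, va, ptr = b"", b"", 0x1000, raw_ptr
    for name, raw in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                               len(raw), va, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        bodies += raw
        va += (len(raw) + 0xFFF) & ~0xFFF
        ptr += len(raw)
    image = dos + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(raw_ptr, b"\0") + bodies + overlay


def sample_report() -> dict:
    """Constructed input: a benign-looking .text, a random-filled packer section, trailing overlay."""
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for encrypted payload
    data = build_sample_pe([(".text", b"\x90" * 512), (".packed", packed)], b"OVERLAYDATA" * 16)
    return triage_pe(data)


if __name__ == "__main__":
    for line in sample_report()["findings"]:
        print(line)
```

On the constructed file the report flags the unknown ".packed" section, its near-8.0 entropy, 176 bytes of overlay and the missing certificate table, while ".text" passes. Point triage_pe at the bytes of a real file to get the same report; a high-entropy section with a non-standard name is a strong hint of a packer but not proof of malice, since some installers and protectors look identical.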

How to determine Trojan:Win32/Barys.GMA!MTB?

The hashes below identify this specific sample. The version information that follows is self-reported by the file's resource section and is not proof of origin; the invalid Authenticode signature and the "Patched" detection names from several vendors are consistent with a modified copy of a legitimate program rather than the original tool.

File Info:

name: ACBDEDAF0FCDC0B6982A.mlw
path: /opt/CAPEv2/storage/binaries/5a88c6dce9f1c80004eb115b0af153a7fa3ebe0a953625186e64b432dbf9c7e1
crc32: BEA79A76
md5: acbdedaf0fcdc0b6982a51bed307b0fd
sha1: 90acf24d4221a2b1ffcb72fb116ce0e5bf0f9697
sha256: 5a88c6dce9f1c80004eb115b0af153a7fa3ebe0a953625186e64b432dbf9c7e1
sha512: d9d82c967014f21ff6919829cf87c8e09c21ea02e1f92aaf040db1f1f7ef4e47faf6c9b3a0ddc71f6fdebcedaa055e745e3557ea9f809d2cc6db8ffec73cc182
ssdeep: 24576:7FCQfO/zNh6XFRbf0ezEM4dmv5BJtOtEM4dmv58:7gz3o7bf0ezj425zUtj4258
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10FF4D08B776DED19CD3D2BFF292D72079881AD2FEA28B05E146C870A455BDF3814B250
sha3_384: a0726ce94f34168d817eaafd351cb54437b272f67e3224401282b8da9d58c7d6aa69e137bb3d47b8ed09a779adb031db
ep_bytes: 587b31ab0822852c0df3bcbdcfb0d407
timestamp: 1971-05-16 00:00:00

Version Info:

CompanyName: Wayne J. Radburn
FileDescription: PE/COFF File Viewer
FileVersion: 0.9.9.0
InternalName: PEview
LegalCopyright: Copyright© 1997-2011 Wayne J. Radburn
OriginalFilename: PEview.exe
ProductName: PEview
ProductVersion: 0.9.9.0
Translation: 0x0409 0x04e4
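
To check a host for this sample, compare file digests against the hashes in the File Info block rather than relying on the file name, which is trivially changed. The Python scanner below is an added example, not code from this page or from GridinSoft; it walks a directory tree, computes MD5, SHA-1 and SHA-256 in a single read of each file, and reports any match against the indicator set. The demo function builds a temporary directory with two constructed files and adds the digests of one of them to the indicator set, since the real sample is not available offline; the file names used there are assumptions of the example.

```python
"""Hash-based IOC sweep: walk a tree, hash each file once, match against known-bad digests."""
import hashlib
import os
import tempfile

# Indicators copied from the File Info block on this page (lower-case hex).
IOC_HASHES = {
    "md5": {"acbdedaf0fcdc0b6982a51bed307b0fd"},
    "sha1": {"90acf24d4221a2b1ffcb72fb116ce0e5bf0f9697"},
    "sha256": {"5a88c6dce9f1c80004eb115b0af153a7fa3ebe0a953625186e64b432dbf9c7e1"},
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Return {algorithm: hexdigest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root: str, iocs: dict = IOC_HASHES) -> list:
    """Return [(path, [matching algorithms])] for every file whose digest is in iocs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                digests = hash_file(path)
            except OSError:          # unreadable or vanished file; keep going
                continue
            matched = [alg for alg, value in digests.items() if value in iocs[alg]]
            if matched:
                hits.append((path, matched))
    return hits


def demo() -> list:
    """Constructed input: two files in a temp dir; the IOC set is extended with the
    digests of one of them so the sweep has something to hit offline."""
    with tempfile.TemporaryDirectory() as root:
        bad = os.path.join(root, "ACBDEDAF0FCDC0B6982A.mlw")   # constructed stand-in, not the sample
        good = os.path.join(root, "notes.txt")
        with open(bad, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 1024)
        with open(good, "wb") as fh:
            fh.write(b"benign text")
        bad_digests = hash_file(bad)
        iocs = {alg: values | {bad_digests[alg]} for alg, values in IOC_HASHES.items()}
        return [(os.path.basename(p), algs) for p, algs in scan_tree(root, iocs)]


if __name__ == "__main__":
    for name, algs in demo():
        print(f"{name}: matched {', '.join(algs)}")
```

A single SHA-256 match is sufficient to confirm the sample; MD5 and SHA-1 are kept only because many vendor reports and quarantine logs still list them. A miss does not clear the host, since a repacked build of the same Trojan has different hashes; the static indicators above are the fallback for that case.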

Trojan:Win32/Barys.GMA!MTB also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: DeepScan:Generic.Dacic.8952383F.A.DCE02291
ClamAV: Win.Packed.Razy-9786051-0
Skyhigh: BehavesLike.Win32.Generic.bc
McAfee: Trojan-FVOQ!ACBDEDAF0FCD
Cylance: unsafe
VIPRE: DeepScan:Generic.Dacic.8952383F.A.DCE02291
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0001b3411 )
K7GW: Trojan ( 0001b3411 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.36680.W83@aSUsTC
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HHBK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan.Win32.Sdum.gen
BitDefender: DeepScan:Generic.Dacic.8952383F.A.DCE02291
NANO-Antivirus: Trojan.Win32.Kryptik.foobtk
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Win32.Kryptik.gify
Emsisoft: DeepScan:Generic.Dacic.8952383F.A.DCE02291 (B)
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Trojan.PackedENT.139
Zillya: Trojan.Kryptik.Win32.3766585
Sophos: Mal/Inject-GJ
Ikarus: Trojan.Patched
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Patched.Ren.Gen
Antiy-AVL: GrayWare/Win32.Kryptik.gifq
Microsoft: Trojan:Win32/Barys.GMA!MTB
Xcitium: TrojWare.Win32.Kryptik.TLS@812zm8
Arcabit: DeepScan:Generic.Dacic.8952383F.A.DCE02291
ZoneAlarm: VHO:Trojan.Win32.Sdum.gen
GData: Win32.Trojan.PSE.109W4IM
Varist: W32/Dacic.E.gen!Eldorado
Acronis: suspicious
VBA32: Trojan.Khalesi
ALYac: DeepScan:Generic.Dacic.8952383F.A.DCE02291
TACHYON: Trojan/W32.Selfmod
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.B34D (CLASSIC)
Yandex: Trojan.Agent!RRuFJhSd6qY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.GIFQ!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.d4221a
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Barys.GMA!MTB?

Trojan:Win32/Barys.GMA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

After the restart, run the scan again and confirm that no file with the SHA-256 listed above remains on disk.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
