Trojan:Win32/Phonzy.B!ml removal tips

Trojan:Win32/Phonzy.B!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: 7E709995E973FB061064.mlw
path: /opt/CAPEv2/storage/binaries/befa9e62e5c453e84c4160ab573e9819aabfcfb576c95ed8c67f730ada3c2416
crc32: 183781B5
md5: 7e709995e973fb061064d2cab6011a58
sha1: b45458cb1813c443e7b4ee8f9ad5a3ad3078b9dc
sha256: befa9e62e5c453e84c4160ab573e9819aabfcfb576c95ed8c67f730ada3c2416
sha512: 1e92e6af2f8405cd6dc16b4302bab0b75afb45215f434cea4d5aed7dbe0edd0e4728613551c26e799230f47ed095a224e90c78bf91a52bfc90eed9ad83dd814f
ssdeep: 12288:ZYWI2rQ9KbFwOKpOz5N9vWst3QVkBNhw6Y5o+SudAfh39z2Go:ZYjEQkbvK8N3t3QVkLhoo+SVfhl2/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124451202B7C69039F8F215B9C97500799509FC719B9AC0D7B2D53A4B95F8AE0BE32327
sha3_384: cb09280f963b320451c121c53270722b6be53c4b34f9c62ca54c9608de6852820da3493cc57e54b921a37ff45c82d7ef
ep_bytes: e8d3030000e937fdffffcccc68d57b40
timestamp: 2014-11-20 18:03:43

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat Update Service
FileVersion: 1.801.10.4720
InternalName: armsvc.exe
LegalCopyright: Copyright © 2013 Adobe Systems Incorporated. All rights reserved.
OriginalFilename: armsvc.exe
ProductName: Adobe Acrobat Update Service
ProductVersion: 1.801.10.4720
Translation: 0x0409 0x04b0

Trojan:Win32/Phonzy.B!ml also known as:

Bkav: W32.Common.51B412D7
Skyhigh: BehavesLike.Win32.Generic.tt
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Virus.Xpiro-10018736-1
Sophos: ML/PE-A
Ikarus: Virus.Win32.Expiro
Varist: W32/Floxif.H.gen!Eldorado
Microsoft: Trojan:Win32/Phonzy.B!ml
Google: Detected
Malwarebytes: Floxif.Virus.FileInfector.DDS
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
