Categories: Virus

How to remove “Virus:Win32/Yaz.A”?

The Virus:Win32/Yaz.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Virus:Win32/Yaz.A virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Installs OpenCL library, probably to mine Bitcoins
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Crashed cuckoomon during analysis. Report this error to the Github repo.
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

How to determine Virus:Win32/Yaz.A?


File Info:
crc32: 851DB5ACmd5: 143510dc0289122a43733b856e3de841name: 143510DC0289122A43733B856E3DE841.mlwsha1: 1dc712ab1ce2ad36df79e6905ca025301ac486fdsha256: f44b39ccd6f1b9dd2bb05c19b7c2240019e3ed0912efb3a292671b76db82ed6asha512: 56c3af2fa9d2620090eef03140819115fbc5303653325fb80af4ba22d4fbb9de1f5c9e84dbbb48759b92125812db81e415ff8fbf5a34be6c6e4fa6b5fc15876assdeep: 3072:Q2L+cvwVw5YQnxAb6BvZcHLPm+Q+owZR8KNo0:Q+15NRGznTv8Ku0type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Virus:Win32/Yaz.A also known as:

Bkav	W32.yaExtractorDA.PE
K7AntiVirus	Trojan ( 005451b81 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.94
Cynet	Malicious (score: 100)
CAT-QuickHeal	W32.Yaz.A
ALYac	Generic.Ransom.Xorist.D28AEBD4
Cylance	Unsafe
Zillya	Virus.Yazzz.Win32.1
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Virus:Win32/Xorist.7252444f
K7GW	Trojan ( 005451b81 )
Cybereason	malicious.c02891
Baidu	Win32.Virus.Yaz.a
Cyren	W32/Yaz.A
Symantec	Ransom.CryptoTorLocker
ESET-NOD32	Win32/Agent.OVQ
APEX	Malicious
Avast	Win32:Yaz-A
ClamAV	Win.Trojan.Yaz-1
Kaspersky	Virus.Win32.Yaz.a
BitDefender	Generic.Ransom.Xorist.D28AEBD4
NANO-Antivirus	Virus.Win32.Yaz.jgeya
ViRobot	Win32.YAZ.A
MicroWorld-eScan	Generic.Ransom.Xorist.D28AEBD4
Tencent	Virus.Win32.Yaz.b
Ad-Aware	Generic.Ransom.Xorist.D28AEBD4
Sophos	Mal/Generic-R + W32/Yaz-A
Comodo	TrojWare.Win32.Kryptik.ER@4o1ar2
BitDefenderTheta	AI:FileInfector.9095DFEB0B
VIPRE	Virus.Win32.Yaz.a (v)
TrendMicro	PE_YAZ.A
McAfee-GW-Edition	W32/Yaz.a
FireEye	Generic.mg.143510dc0289122a
Emsisoft	Generic.Ransom.Xorist.D28AEBD4 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Win32/Yaz.a
Webroot	W32.Malware.Gen
Avira	W32/Yazz.aumnb
Microsoft	Virus:Win32/Yaz.A
AegisLab	Trojan.Win32.Xorist.lpjq
GData	Generic.Ransom.Xorist.D28AEBD4
AhnLab-V3	Win32/Yaz.X796
Acronis	suspicious
McAfee	W32/Yaz.a
MAX	malware (ai score=100)
VBA32	Virus.Yazz
Malwarebytes	Ransom.Xorist
Panda	W32/Yazz.A
TrendMicro-HouseCall	PE_YAZ.A
Rising	Trojan.Ransom!1.690B (CLOUD)
Yandex	Trojan.GenAsa!WMPZeg7Kq7U
Ikarus	Trojan-Ransom.Xorist
Fortinet	W32/Xorist.DD8C!tr.ransom
AVG	Win32:Yaz-A
Paloalto	generic.ml