
How to remove “Win32/Bayrob.AQ”?


Win32/Bayrob.AQ is the ESET-NOD32 detection name for the sample described below; nearly every engine in the detection list flags the same file as malicious, most of them as a Bayrob/Nivdort trojan. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; the 6-day free trial allows a complete scan and cleanup of the PC.

What can the Win32/Bayrob.AQ virus do?

The following behavioral signatures were raised by the CAPE sandbox when the sample was executed (the storage path in the file info below points at a CAPEv2 instance):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to identify Win32/Bayrob.AQ?

File Info:

name: 2F35542D34A0164AC0BB.mlw
path: /opt/CAPEv2/storage/binaries/626d63cc2a00a08ea1d88084c03c058fedc37a1ae0a707069abe3d306e8995e4
crc32: 1B94F64E
md5: 2f35542d34a0164ac0bb7a4d5553ec1c
sha1: 012fb0437bfeb1e682f9c1738e32e58f5eda2339
sha256: 626d63cc2a00a08ea1d88084c03c058fedc37a1ae0a707069abe3d306e8995e4
sha512: 904c06cf9e934c802f39bb1a4ada144f684c96c134d4ce2542f50c3b322922f12dcc903b86a5647e982c398e9c9890c822dddb9eed40a3a605aba2074967fc31
ssdeep: 6144:LbKrxUVTCbVPgBe2ki5kjol92os+ps37k2FUgrk9QU15s3UTJoDEspmBlVYi:69LuR6oYoC7tUgrkZsk1vspm3V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C74F5BECD8054EFDE8291B4D50AB7B3EBAD215493E960D71280B774187C895C93FA0B
sha3_384: 7753fc135a05f69f9a887bc20ea898232686f84484128407d627a95e184117bc422372c2d5ee55277bd6ef6c4e08a97f
ep_bytes: 558bec83ec080fb70524b1440069c03f
timestamp: 2015-12-23 05:07:28

Version Info:

0: [No Data]
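The hashes and entry-point bytes in the File Info block above are the fields a responder actually uses to confirm that a file on disk is this sample. The Python script below is an added example for this page (it is not part of the original CAPE report or of any vendor tool): it recomputes the crc32, md5, sha1, sha256 and sha512 with the standard library, parses the PE headers by hand to recover the compile timestamp and the 16 entry-point bytes that CAPE prints as ep_bytes, and compares the result with the indicators listed above. The minimal PE it builds for demonstration is constructed input, not the Bayrob binary; given a path on the command line it triages that file instead.

```python
"""Triage helper for the File Info block above: recompute the hashes and the
PE entry-point bytes (CAPE's ep_bytes) of a file and compare them with the
published indicators. Added example for this page, not part of the original
sandbox report or of any vendor tool."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section (hex lower-cased).
BAYROB_AQ_IOCS = {
    "crc32": "1b94f64e",
    "md5": "2f35542d34a0164ac0bb7a4d5553ec1c",
    "sha1": "012fb0437bfeb1e682f9c1738e32e58f5eda2339",
    "sha256": "626d63cc2a00a08ea1d88084c03c058fedc37a1ae0a707069abe3d306e8995e4",
    "ep_bytes": "558bec83ec080fb70524b1440069c03f",
    "timestamp": "2015-12-23 05:07:28",
}
# Only a cryptographic hash match identifies the sample; ep_bytes, crc32 and
# the compile timestamp recur across unrelated binaries and are hints, not proof.
STRONG_INDICATORS = ("sha256", "sha1", "md5")


def pe_headers(data: bytes):
    """Locate the COFF header; return (coff_offset, num_sections, size_of_optional_header)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, num_sections, size_of_opt


def pe_timestamp(data: bytes) -> str:
    """COFF TimeDateStamp as 'YYYY-MM-DD HH:MM:SS' in UTC, the format CAPE prints."""
    coff, _, _ = pe_headers(data)
    ts = struct.unpack_from("<I", data, coff + 4)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def pe_entry_point_bytes(data: bytes, n: int = 16) -> str:
    """Hex of the first n bytes at AddressOfEntryPoint. The RVA is mapped to a
    file offset through the section table; works for PE32 and PE32+ because
    AddressOfEntryPoint sits at optional-header offset 16 in both."""
    coff, num_sections, size_of_opt = pe_headers(data)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(num_sections):
        sec = opt + size_of_opt + i * 40
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            off = raw_ptr + (entry_rva - vaddr)
            return data[off:off + n].hex()
    raise ValueError("entry point RVA is not inside any section")


def triage(data: bytes) -> dict:
    """Recompute every File Info field that the standard library can produce."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "ep_bytes": pe_entry_point_bytes(data),
        "timestamp": pe_timestamp(data),
    }


def match_iocs(observed: dict, iocs: dict = BAYROB_AQ_IOCS):
    """Return (sorted names of matching indicators, confirmed). 'confirmed' is
    True only when a cryptographic hash matched, not just a weak indicator."""
    matched = sorted(k for k, v in iocs.items() if observed.get(k) == v)
    return matched, any(k in STRONG_INDICATORS for k in matched)


def build_test_pe(entry_code: bytes, timestamp: int = 1450847248) -> bytes:
    """Constructed sample input (not the real Bayrob binary): a minimal PE32 with
    one .text section at RVA 0x1000 / file offset 0x200 that holds entry_code.
    The default timestamp is 2015-12-23 05:07:28 UTC, as in the File Info block."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    # Magic, linker versions, SizeOfCode, SizeOfInit, SizeOfUninit,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase; padded to 0xE0.
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    opt += b"\0" * (0xE0 - len(opt))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x0102)
    text = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text
    headers += b"\0" * (0x200 - len(headers))
    return headers + entry_code.ljust(0x200, b"\xCC")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sample = open(sys.argv[1], "rb").read()
    else:
        sample = build_test_pe(bytes.fromhex(BAYROB_AQ_IOCS["ep_bytes"]))
    fields = triage(sample)
    for key, value in fields.items():
        print(f"{key}: {value}")
    matched, confirmed = match_iocs(fields)
    print("matched:", matched, "| confirmed:", confirmed)
```

Run without arguments it triages the constructed PE, which deliberately reproduces the published ep_bytes and timestamp: both show up in the matched list, yet the result is not confirmed because no cryptographic hash matched. That is the check to apply in practice; a prologue such as push ebp / mov ebp,esp / sub esp,8 is shared by countless compiler-generated binaries, and only the sha256 (or sha1/md5) identifies this sample.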

Win32/Bayrob.AQ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.11545
FireEye: Generic.mg.2f35542d34a0164a
CAT-QuickHeal: TrojanSpy.Nivdort.DR3
ALYac: Gen:Variant.Razy.11545
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004db0c61 )
K7GW: Trojan ( 004da1e61 )
Cybereason: malicious.d34a01
Baidu: Win32.Trojan.Generic.bd
Cyren: W32/Nivdort.F.gen!Eldorado
Symantec: Trojan.Bayrob!gen6
ESET-NOD32: a variant of Win32/Bayrob.AQ
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.11545
NANO-Antivirus: Trojan.Win32.Dwn.dzkvvl
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Razy.11545
Sophos: ML/PE-A + Troj/Nivdort-CZ
DrWeb: Trojan.DownLoader18.32085
Zillya: Trojan.Tinba.Win32.4150
TrendMicro: TROJ_BAYROB.SM1
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Emsisoft: Gen:Variant.Razy.11545 (B)
Ikarus: Trojan.Win32.Bayrob
GData: Gen:Variant.Razy.11545
Jiangmin: Trojan.Tinba.cmx
Avira: TR/Taranis.1103
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.164623B
Microsoft: TrojanSpy:Win32/Nivdort.CW
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R170875
McAfee: Trojan-FHPD!2F35542D34A0
VBA32: BScope.TrojanSpy.Nivdort
Malwarebytes: Trojan.Bayrob.Generic
TrendMicro-HouseCall: TROJ_BAYROB.SM1
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazopZvEbTrIkLZTsCstvFWV4)
Yandex: Trojan.GenAsa!6dwgJbh9h/0
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Bayrob.AQ!tr
BitDefenderTheta: AI:Packer.88D43BFD1E
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/Bayrob.AQ?

Win32/Bayrob.AQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart the computer and run a second scan to confirm that the autorun entries and dropped copies listed above are gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
