Malware

Should I remove “Win32/BHO.NYJ”?

Malware Removal

The Win32/BHO.NYJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/BHO.NYJ virus can do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/BHO.NYJ?



File Info:

name: E770BAB6DCFBB635E86A.mlw
path: /opt/CAPEv2/storage/binaries/7ed443ea22dd06833d9ac4967e45bb14b03f07b07fa40bd1ac0ba559571b3237
crc32: D5C284CD
md5: e770bab6dcfbb635e86a6e8f77a1ea90
sha1: 6eb18cb73b0af7b2c3128eaa438a4d72f054b886
sha256: 7ed443ea22dd06833d9ac4967e45bb14b03f07b07fa40bd1ac0ba559571b3237
sha512: f85c5c4232e724edc291dce1ced4a337ee909b5adcd1b464588c23baa95f2e18f75b5a5194dea5a11be460696257d8f24a57e8bdc165a3e64fe2dcf10ca23034
ssdeep: 12288:PmiZ25tazVGo5IraX5mseKl/h8oxshwKulC0NZaweeEHgcVxiqb5CjzG:Pmb5ta7ShseSshw9C0nshnUqb5Cj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142E422287D96C305E4412C786DB240C25BBDBDA739D0544FEF38BB1EB6B01AC5A94C7A
sha3_384: 0906051d768e082a7a974d1ef2d90b0647f92074d17896af9c4144fe8eab551bed08e9c29689cafca2dfc2ce76ba7cb2
ep_bytes: 558bec6aff689061400068703b400064
timestamp: 2002-02-06 20:54:53


Version Info:

Comments: This setup code is the property of Indigo Rose Corporation
CompanyName: Indigo Rose Corporation http://www.indigorose.com
FileDescription: Setup Factory 6.0 Setup Launcher
FileVersion: 6.0.0.3
InternalName: setup
LegalCopyright: 版权所有 (c) 2001 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: setup.exe
PrivateBuild: 
ProductName: setup
ProductVersion: 6.0.0.3
SpecialBuild: 
Translation: 0x0409 0x04e4

Win32/BHO.NYJ also known as:

BkavW32.Common.94E22D74
AVGWin32:Trojan-gen
DrWebTrojan.MulDrop3.59533
FireEyeGeneric.mg.e770bab6dcfbb635
SkyhighBehavesLike.Win32.Dropper.jc
McAfeeArtemis!E770BAB6DCFB
Cylanceunsafe
SangforDropper.Win32.Agent.Vi5h
K7AntiVirusTrojan ( 004d02e81 )
AlibabaTrojan:Win32/Generic.c039a8d5
K7GWTrojan ( 004d02e81 )
BitDefenderThetaAI:Packer.CD53464220
SymantecTrojan Horse
ESET-NOD32a variant of Win32/BHO.NYJ
CynetMalicious (score: 99)
Paloaltogeneric.ml
ClamAVWin.Trojan.Agent-687932
KasperskyUDS:DangerousObject.Multi.Generic
NANO-AntivirusTrojan.Win32.VB2.bbttfm
AvastWin32:Trojan-gen
TencentWin32.Trojan.Generic.Bujl
F-SecureDropper.DR/Drop.VB.jtm.32
TrendMicroTROJ_FRS.VSN0AG18
SophosMal/Generic-S
WebrootW32.Dropper.Dunik
GoogleDetected
AviraDR/Drop.VB.jtm.32
MAXmalware (ai score=100)
Antiy-AVLTrojan[Downloader]/Win32.Whinetroe
KingsoftWin32.Troj.Unknown.a
MicrosoftTrojanDropper:Win32/Dunik!rfn
XcitiumMalware@#11sw016tj3vnh
ViRobotTrojan.Win32.A.WSearch.631429
ZoneAlarmUDS:DangerousObject.Multi.Generic
GDataWin32.Trojan.Agent.XTORUI
VaristW32/VB.PFAW-4545
AhnLab-V3Dropper/Win32.VB.C2047307
TACHYONTrojan-Dropper/W32.Agent.669073
VBA32Trojan.Wacatac
MalwarebytesGeneric.Malware/Suspicious
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_FRS.VSN0AG18
YandexTrojan.DR.VB!/8Q7fLTpvrc
IkarusBackdoor.Win32.Rbot
MaxSecureTrojan.Malware.15361.susgen
DeepInstinctMALICIOUS
alibabacloudTrojan[dropper]:Win/Generic

How to remove Win32/BHO.NYJ?

Win32/BHO.NYJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment