What is “Win32:Buzus-RB [Trj]”?

Win32:Buzus-RB [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32:Buzus-RB [Trj] virus do?

  • Executable code extraction
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32:Buzus-RB [Trj]?

File Info:

crc32: 7328DB26
md5: 64e09f347853d2623b6b088acb5b4798
name: 64E09F347853D2623B6B088ACB5B4798.mlw
sha1: 8d7a5d4a970cd0c9567ec02d8a9aae362485befa
sha256: 1a27dae5b2e3ab9692a35d8196cb36056b96e81865b74a4b1272a78241b1979d
sha512: 54eb40507657d1418c36d34ed195a3a76ad74fcc51849ee67693370f38d034404078b59ce468f98ef279bbe7b87656d5eba6d335bb42b1bbfa0faaa6cb05bb0e
ssdeep: 6144:yj6wei2yCy5xKJbVCsI6JmqvKb3wUvtiCGK4yIDx6Grp8wRDsV2K:yKT3tVCsI6JiNvtiGIDx6GN0VB
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2007
InternalName: Keygen.exe
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Adobe FireWorks CS3 Keygen
SpecialBuild:
ProductVersion: 9, 1, 1, 0
FileDescription: Adobe FireWorks CS3 Keygen
OriginalFilename: Keygen.EXE
Translation: 0x0409 0x04b0

Win32:Buzus-RB [Trj] also known as:

Lionic: Trojan.Win32.Chifrax.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen.304
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Buzus.WT3
ALYac: Gen:Heur.Crifi.1
Cylance: Unsafe
Sangfor: Trojan.Win32.Chifrax.d
CrowdStrike: win/malicious_confidence_60% (D)
Cybereason: malicious.47853d
Cyren: W32/Chifrax!Generic
Symantec: Downloader
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:Buzus-RB [Trj]
Kaspersky: Trojan.Win32.Chifrax.d
BitDefender: Gen:Heur.Crifi.1
NANO-Antivirus: Trojan.Win32.Buzus.dxktth
MicroWorld-eScan: Gen:Heur.Crifi.1
Tencent: Win32.Trojan.Chifrax.Wqmy
Ad-Aware: Gen:Heur.Crifi.1
Sophos: Mal/Generic-R + Troj/BadCab-A
Comodo: TrojWare.Win32.Agent.~Wrar@1n6zi5
F-Secure: Trojan.TR/Dropper.Gen
BitDefenderTheta: AI:Packer.F70DBB2D23
VIPRE: Trojan.Win32.Chifrax.d (v)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fc
FireEye: Generic.mg.64e09f347853d262
Emsisoft: Gen:Heur.Crifi.1 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDropper.KGen.gaj
Webroot: Trojan:Win32/VB.ZO
Avira: TR/Dropper.Gen
Microsoft: Trojan:Win32/Occamy.C1A
Arcabit: Trojan.Crifi.1
ZoneAlarm: Trojan.Win32.Chifrax.d
GData: Gen:Heur.Crifi.1
AhnLab-V3: Trojan/Win32.Chifrax.C2573970
McAfee: Artemis!64E09F347853
MAX: malware (ai score=87)
VBA32: Malware-Cryptor.VB.gen.1
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Chifrax.B
Rising: Trojan.Generic@ML.100 (RDML:PZniulG939eo10Nigw0oZQ)
Ikarus: Trojan.Buzus
MaxSecure: Trojan.Chifrax.D
Fortinet: W32/ModCab.A!tr
AVG: Win32:Buzus-RB [Trj]

How to remove Win32:Buzus-RB [Trj]?

Win32:Buzus-RB [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.