Should I remove "Win64/BazarLoader.R"?

The Win64/BazarLoader.R is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win64/BazarLoader.R virus can do?

Presents an Authenticode digital signature
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Anomalous binary characteristics

How to determine Win64/BazarLoader.R?


File Info:
crc32: 9A6D7482
md5: fa9ecf2629219fb0629f3f0c0e1bf587
name: upload_file
sha1: 561e4c8c3de26ca6954f9f1ae4fa0b51d6d328b2
sha256: bc0f09c3efc74215e93165fdda0d37b6f19566a25f04b1ef89713de41524a1e0
sha512: 72ff41a60a8aa0c4cac9b73d7f1e1dfee211f8c4912a8358888b118e948c38e2e219934aeb4db272ff8679b053de38aa4504cbbdc6df795abc6915feb0e44521
ssdeep: 196608:akYZ6ZRSJJ01qMlgkfBe0sx7BogxN44qYO2FLOyomFHKnPAWFLOyomFHKnPB:ahJcBzE4BYHFeFI
type: PE32+ executable (GUI) x86-64, for MS Windows

Version Info:
LegalCopyright: TODO: (C) x3002x4fddx7559x6240x6709x6743x5229x3002
InternalName: cow2.exe
FileVersion: 1.0.0.1
CompanyName: TODO: 
ProductName: TODO: 
ProductVersion: 1.0.0.1
FileDescription: cow2
OriginalFilename: cow2.exe
Translation: 0x0804 0x04b0

Win64/BazarLoader.R also known as:

MicroWorld-eScan	Trojan.Agent.EXVW
FireEye	Trojan.Agent.EXVW
CAT-QuickHeal	Trojandownloader.Bazloader
McAfee	Artemis!FA9ECF262921
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Bazloader.a!c
K7AntiVirus	Trojan ( 005718d91 )
BitDefender	Trojan.Agent.EXVW
K7GW	Trojan ( 005718d91 )
CrowdStrike	win/malicious_confidence_100% (W)
Invincea	Mal/Generic-S
Symantec	Trojan.Gen.2
Kaspersky	Trojan-Downloader.Win32.Bazloader.g
Alibaba	TrojanDownloader:Win32/Bazloader.f47ea20f
Rising	Trojan.Bazar!8.121E3 (TFE:5:zotW1BtlPpF)
Ad-Aware	Trojan.Agent.EXVW
Emsisoft	MalCert-S.CX (A)
Comodo	fls.noname@0
F-Secure	Trojan.TR/Agent.ulnqd
DrWeb	Trojan.Packed2.42633
TrendMicro	Trojan.Win64.BAZALOADER.B
McAfee-GW-Edition	Artemis!Trojan
Webroot	W32.Trojan.Bazarloader
Avira	TR/Agent.ulnqd
Microsoft	Trojan:Win64/CryptInject.KSH!cert
Arcabit	Trojan.Agent.EXVW
ZoneAlarm	Trojan-Downloader.Win32.Bazloader.g
GData	Trojan.Agent.EXVW
AhnLab-V3	Trojan/Win64.BazarLoader.R353552
ALYac	Trojan.Agent.Bazar
MAX	malware (ai score=82)
Malwarebytes	Trojan.Bazar
Panda	Trj/CI.A
ESET-NOD32	Win64/BazarLoader.R
TrendMicro-HouseCall	Trojan.Win64.BAZALOADER.B
Ikarus	Trojan.Win64.Bazarloader
Fortinet	W64/BazarLoader.R!tr
AVG	FileRepMalware
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Downloader.b22

How to remove Win64/BazarLoader.R?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

File Info:

crc32: 1592C5C4
md5: 8c32e44ea7eadbeca921d8e292171556
name: upload_file
sha1: 7bbd86dd91e2a43ae6d7a132ac1918875146a40c
sha256: f471cbd53a52d27053c33c4fd18fe2305f94f947d8cc2275c3506fe74c2f11f5
sha512: 5ab2311c7eb9b2b73450cd3a16d16261990c9c14723fc990daf548a45b3c135761613b4b9f612c93083d8f7fcecc46ba8665e197eaebdc914426d38d074ba0f2
ssdeep: 196608:akYZ6ZRSJJ01qMlXkfBe0sx7BogxN44qYO2FLOyomFHKnPAWFLOyomFHKnPr:ahJNBzE4BYHFeFG
type: PE32+ executable (GUI) x86-64, for MS Windows

Version Info:

LegalCopyright: TODO: (C) x3002x4fddx7559x6240x6709x6743x5229x3002
InternalName: cow2.exe
FileVersion: 1.0.0.1
CompanyName: TODO:
ProductName: TODO:
ProductVersion: 1.0.0.1
FileDescription: cow2
OriginalFilename: cow2.exe
Translation: 0x0804 0x04b0

Should I remove “Win64/BazarLoader.R”?