Solved! Use 12520437E.EXE (Trojan Barys) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

12520437E.EXE – Trojan Barys removal

FileMD5Virus Alias
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan Barys
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan SuspiciousFile
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan XPACK
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan Generic
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan Agent
12520437E.EXE 57f17e1e102247ca3c887e081f9688a2 Trojan ZBot

12520437E.EXE size: 74240 bytes
12520437E.EXE hash: 57F17E1E102247CA3C887E081F9688A2

Created files:

%SysDir%\1025c.exe
%SysDir%\12520437e.exe
%SysDir%\ansii.exe
%SysDir%\ansip.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32Update: %WinDir%\System32\ansii.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32Update: %WinDir%\System32\ansii.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32Update: %WinDir%\System32\ansii.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32Update: %WinDir%\System32\ansii.exe

Detected by UnHackMe:

12520437E.EXE
Default location: %SYSDIR%\12520437E.EXE

Dropper information:
MD5: 57f17e1e102247ca3c887e081f9688a2
File size: 74240 bytes

Leave a Reply