
TR/Barys.EB.34

Posted: July 25, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 23
First Seen: July 25, 2012
Last Seen: October 2, 2022
OS(es) Affected: Windows

TR/Barys.EB.34 is a Trojan downloader that installs other forms of harmful software without your permission and is distributed as a file attachment in Germany-targeting spam e-mail. TR/Barys.EB.34's recent campaign of mass-mailed e-mail (as of late July 2012) claims that a postal delivery has failed and that additional information is included in an attached .zip archive. SpywareRemove.com malware analysts have also confirmed that PC threats related to TR/Barys.EB.34 often include spyware or scamware functions such as stealing bank account passwords or displaying inaccurate pop-up warnings. It should also be noted that Germany's own Deutsche Bundespost would never request that its customers open an e-mail file attachment in this fashion. Germany-based PC users should become familiar with TR/Barys.EB.34's current e-mail campaign so that they can remove these e-mails as soon as they appear, and full-blown TR/Barys.EB.34 infections should be removed by qualified anti-malware products that can also delete TR/Barys.EB.34's payload.

TR/Barys.EB.34: a Package You Should Never Want to Open

TR/Barys.EB.34's distribution, like that of so many other PC threats, is e-mail-based and uses false pretenses to get victims to open the .zip file that contains TR/Barys.EB.34. This German e-mail claims, rather innovatively, that you're required to print this .zip file's label before you can pick up your delivery at the post office, although canny PC users will note that this isn't standardized behavior for Germany's Bundespost. Opening this file attachment will infect your PC with TR/Barys.EB.34, which may also be identified by quite a few aliases, including TrojanDownloader:Win32/Kuluoz.C, Troj/DwnLdr-KDC, Trojan-Dropper.Win32.Dapato.bnca, TROJ_INJECTR.GJB and TrojanDownloader.Banload.apdt. Most PC security companies have had a definition for TR/Barys.EB.34 for at least a month, although SpywareRemove.com malware researchers recommend that you always keep your anti-malware software updated anyway, to provide complete protection from new and self-updating PC threats.

Attacks that SpywareRemove.com malware analysts have found to be likely to originate from TR/Barys.EB.34 include:

  • Downloading and installing other forms of hostile software onto your PC, such as spyware that steals private information, browser hijackers that alter your browser's settings and scamware that displays fake security pop-ups.
  • Theft of personal information via browser injection attacks that redirect you to phishing sites or steal form-based information – such as account passwords and login names.

Hiking TR/Barys.EB.34 Up to the Top of Your 'To Delete' List

Because TR/Barys.EB.34 is ranked as a high-level PC threat by most PC security companies and has the potential to target extremely sensitive information for theft, SpywareRemove.com malware researchers likewise encourage you to remove TR/Barys.EB.34 as soon as possible. A successful TR/Barys.EB.34 infection may also include additional PC threats that should all, like TR/Barys.EB.34, be deleted with exhaustive anti-malware analyses from suitable software.

Some other PC threats that are associated with TR/Barys.EB.34 (and are often considered high-level PC threats in and of themselves) include ZeroAccess rootkits, fake security programs from the WinWebSec family and fake security programs from the FakeSysdef family.

Technical Details

Additional Information

The following messages were detected:
#  Message
1  Dear customer, Our postman couldn’t deliver a package to your address. Reason: an error in the address You can get your package in Post Office personally. You can find a postal label attached. You should print it in order be able to get your package in the Post Office.
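
A mail-triage check for the lure described on this page, as an added example that is not SpywareRemove.com's code: it flags a message that pairs phrases from the quoted delivery notice with a .zip attachment and lists archive members with executable-type extensions. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases taken from the lure text quoted on this page (lower-cased).
LURE_PHRASES = ("couldn't deliver a package", "postal label attached",
                "print it in order")
# Assumption: member types treated as risky inside a "postal label" archive.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js")


def triage(raw: bytes) -> dict:
    """Report which delivery-lure indicators a raw e-mail message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    # Normalise the typographic apostrophe so "couldn’t" matches "couldn't".
    text = body.get_content().lower().replace("\u2019", "'") if body else ""
    hits = [p for p in LURE_PHRASES if p in text]
    zips, risky = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        zips.append(name)
        data = part.get_payload(decode=True) or b""
        try:  # list member names only; nothing is extracted or executed
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                risky += [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            risky.append(name + " (unreadable archive)")
    return {"lure_phrases": hits, "zip_attachments": zips,
            "risky_members": risky, "quarantine": bool(hits) and bool(zips)}


def build_sample(with_zip: bool = True) -> bytes:
    """Constructed test message; the archive member is harmless placeholder text."""
    m = EmailMessage()
    m["Subject"] = "Delivery notification"  # constructed subject line
    m.set_content("Dear customer, Our postman couldn\u2019t deliver a package to "
                  "your address. You can find a postal label attached.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("Label.exe", b"placeholder, not an executable")  # constructed
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="zip", filename="Post_Label.zip")
    return m.as_bytes()
```

A message is marked for quarantine only when both a lure phrase and a .zip attachment are present, so ordinary mail that merely mentions a delivery is reported without being flagged.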
