How to remove “Application.Heur.cmKfbyC5iVeO”?

The Application.Heur.cmKfbyC5iVeO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Application.Heur.cmKfbyC5iVeO virus can do?

Unconventionial language used in binary resources: Hebrew
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity detected but not expressed in API logs

How to determine Application.Heur.cmKfbyC5iVeO?


File Info:
crc32: 81665338
md5: 234937b48a5f7600e1d0832e5a85c9be
name: rdpv.exe
sha1: 48d3afdb5248b3b101bfdd89ac5b839f7554f681
sha256: 06ddc8312d3e0443632790f659f37a94f5c57ba76bc3a40dc7d35600750140ff
sha512: 5c5db283106ddb3972b791990b43d46a537c767371e89395fe553c694235431ffce69d2361b318752a25b5cf2153d19c503319d2bea551cabe1bfc8df5b731bc
ssdeep: 768:nIE84pEApdjRzejRaNe4sFLC/5hc8i7dz/b+9wU:hbPUdaI4OWs8op/b/U
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright xa9 2006 Nir Sofer
InternalName: Remote Desktop PassView
FileVersion: 1.00
CompanyName: NirSoft
PrivateBuild: 
LegalTrademarks: 
Comments: 
ProductName: Remote Desktop PassView
SpecialBuild: 
ProductVersion: 1.00
FileDescription: Remote Desktop Password Recovery
OriginalFilename: rdpv.exe
Translation: 0x0409 0x04b0

Application.Heur.cmKfbyC5iVeO also known as:

MicroWorld-eScan	Gen:Application.Heur.cmKfbyC5iVeO
FireEye	Gen:Application.Heur.cmKfbyC5iVeO
McAfee	HTool-PassView
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Gen:Application.Heur.cmKfbyC5iVeO
TrendMicro	Dialer_PlayGames
F-Prot	W32/HackTool.AJT
Symantec	PasswordRevealer
GData	Gen:Application.Heur.cmKfbyC5iVeO
Kaspersky	not-a-virus:PSWTool.Win32.IEPassView.b
Alibaba	RiskWare:Win32/IEPassView.c993f9d1
NANO-Antivirus	Riskware.Win32.Netpass.lsxdt
Comodo	Malware@#hb0b93c9xr9k
DrWeb	Tool.Netpass
Zillya	Tool.IEPassView.Win32.115
McAfee-GW-Edition	HTool-PassView
MaxSecure	Trojan.Malware.1113709.susgen
CMC	Generic.Win32.234937b48a!MD
Sophos	NirSoft (PUA)
Ikarus	not-a-virus:PSWTool.Win32.IEPassView
Cyren	W32/Tool.PQZV-3737
Jiangmin	PSWTool.IEPassView.dd
Webroot	W32.Suspicious.Heur
MAX	malware (ai score=99)
Antiy-AVL	Trojan[PSWTool]/Win32.IEPassView
Arcabit	Application.Heur.cmKfbyC5iVeO
AegisLab	Riskware.Win32.IEPassView.1!c
ZoneAlarm	not-a-virus:PSWTool.Win32.IEPassView.b
AhnLab-V3	Win-AppCare/Iepassview.32768
Panda	W32/Mytob.QL.worm
ESET-NOD32	a variant of Win32/PSWTool.RDPassView.NAD potentially unsafe
TrendMicro-HouseCall	Dialer_PlayGames
Yandex	Riskware.PSWTool!
Fortinet	Riskware/IEPassView
AVG	FileRepMalware [PUP]
Cybereason	malicious.48a5f7
Avast	Win32:PSWtool-V [PUP]

How to remove Application.Heur.cmKfbyC5iVeO?

Application.Heur.cmKfbyC5iVeO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X