Backdoor:Win32/Psychwar.A removal tips

The Backdoor:Win32/Psychwar.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:Win32/Psychwar.A virus can do?

Authenticode signature is invalid

How to determine Backdoor:Win32/Psychwar.A?


File Info:
name: C7386EFBAAF8712AFA64.mlw
path: /opt/CAPEv2/storage/binaries/4fbd7246649f1817596fb310ed8f00304dac3fd979ededee0df5a1d1343ffcbf
crc32: 3FD0D5BF
md5: c7386efbaaf8712afa64c8a0e55b8671
sha1: c379aa068dfd3f6f25140cd6921fd0cd1b63f241
sha256: 4fbd7246649f1817596fb310ed8f00304dac3fd979ededee0df5a1d1343ffcbf
sha512: 70dc4fc889b4de5726e5f7db47a69fec118b695579d10f5b76c2f4d4d688520eb233424d5038211544914e620999786bbd012d9823fdd652262e5b29cbac43ff
ssdeep: 768:mrYgFNAepbs1Kx7YB5xrWyxiStljgmDBqbDdDW1+oO:m8hep1YBDIStljgmEbd5o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T160038D1B7CF1CA33CA9580B205FB8F196BBF6562024151D79B60DDB97D20BE05E3B246
sha3_384: 5c0b756e68dc6a8da318edb76beba9e5e31218078dae70c819049d147e4ea401a5b4aac21a7a17770cac088c91584240
ep_bytes: 558bec6aff683081400068d442400064
timestamp: 1999-11-12 03:30:02

Version Info:
0: [No Data]

Backdoor:Win32/Psychwar.A also known as:

Bkav	W32.Common.82A6A461
Lionic	Trojan.Win32.Psychward.m!c
MicroWorld-eScan	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme
FireEye	Generic.mg.c7386efbaaf8712a
Skyhigh	BehavesLike.Win32.Infected.pm
ALYac	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme
Cylance	unsafe
Zillya	Backdoor.Psychward.Win32.47
Sangfor	Backdoor.Win32.Psychward.Vdyj
K7AntiVirus	Trojan ( 000025741 )
Alibaba	Backdoor:Win32/Psychward.430b52dd
K7GW	Trojan ( 000025741 )
BitDefenderTheta	AI:Packer.C762E3AC1E
VirIT	Backdoor.Win32.PSYCHWARD
Symantec	Backdoor.Psychward
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Psychward.A
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Psychward.a
BitDefender	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme
NANO-Antivirus	Trojan.Win32.Psychward.gmkk
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.115d0e80
TACHYON	Backdoor/W32.Psychward.40960
Emsisoft	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme (B)
F-Secure	Trojan.TR/Psychward.Srv-2
DrWeb	BackDoor.Psychward
VIPRE	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme
TrendMicro	TROJ_PSYCHWARD.A
Sophos	Mal/IRCBot-B
SentinelOne	Static AI – Malicious PE
GData	Gen:Trojan.IRC-Backdoor.cmW@aWYdVme
Jiangmin	Backdoor/Psychward.a
Webroot	W32.Trojan.Backdoor-Psychward
Google	Detected
Avira	TR/Psychward.Srv-2
Antiy-AVL	Trojan[Backdoor]/Win32.Psychward
Kingsoft	Win32.Hack.Psychward.a
Xcitium	Backdoor.Win32.Psychward.A@3nkr
Arcabit	Trojan.IRC-Backdoor.ED7C70
ViRobot	Backdoor.Win32.Psychward.40960
ZoneAlarm	Backdoor.Win32.Psychward.a
Microsoft	Backdoor:Win32/Psychwar.A
Varist	W32/Risk.JOKX-7612
McAfee	Artemis!C7386EFBAAF8
MAX	malware (ai score=100)
VBA32	Backdoor.Psychward
Malwarebytes	Generic.Malware/Suspicious
Panda	Bck/Psychward
TrendMicro-HouseCall	TROJ_PSYCHWARD.A
Rising	Trojan.Psychward.a (CLASSIC)
Yandex	Backdoor.Psychward.A
Ikarus	Backdoor.Win32.IRCBot
MaxSecure	Trojan.Malware.1846624.susgen
Fortinet	W32/Psychward.A!tr.bdr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Psychwar.A?

Backdoor:Win32/Psychwar.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X