DeepScan:Generic.MSIL.PasswordStealerD.2B35556A removal tips

DeepScan:Generic.MSIL.PasswordStealerD.2B35556A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the DeepScan:Generic.MSIL.PasswordStealerD.2B35556A virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to remove evidence of file being downloaded from the Internet
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Collects information to fingerprint the system

How to identify DeepScan:Generic.MSIL.PasswordStealerD.2B35556A?


File Info:

crc32: 23BE845E
md5: 89cfd747c8f05f8bacbbad3196662377
name: 2020.exe
sha1: 2f031bf08ff5752675e85e65bb96f1de77142a4d
sha256: c65fca681836bfa3a15a88e1d0bd1efba388b8d7055ca61d67d756854578edf7
sha512: 8c8febb29904bf84eecada960f911b43eadf7d60cdb1d735efa69306146678635dcd28859706bc7756249882898b0953c0a7265e055230ea2491845d8f62a6dc
ssdeep: 6144:Sg++Sf9DDy/3qsxYIS94xt+hFIUWYOuAdG494DTmsw2Zb/6:5++amasx30Wt8OXG4943p
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: EVKLLMQXOCPYWQUDHYBJXWAPPTAVTFHMFTLONBZJ_20191104012913715.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: EVKLLMQXOCPYWQUDHYBJXWAPPTAVTFHMFTLONBZJ_20191104012913715.exe

DeepScan:Generic.MSIL.PasswordStealerD.2B35556A also known as:

MicroWorld-eScan: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
CAT-QuickHeal: Trojan.Wacatac
McAfee: GenericRXII-SF!89CFD747C8F0
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.DeepScan.4!c
K7AntiVirus: Spyware ( 004bf53c1 )
BitDefender: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
K7GW: Spyware ( 004bf53c1 )
Cybereason: malicious.7c8f05
TrendMicro: TROJ_GEN.R002C0PK419
BitDefenderTheta: AI:Packer.0B9C437920
F-Prot: W32/MSIL_Troj.RC.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Spy.Agent.AES
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba: TrojanPSW:MSIL/Agensla.2a4bdd4f
NANO-Antivirus: Trojan.Win32.Mlw.gfscwh
Rising: Spyware.AgentTesla!1.B864 (CLASSIC)
Ad-Aware: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Emsisoft: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A (B)
F-Secure: Trojan.TR/Dropper.Gen
Zillya: Trojan.Agent.Win32.1167353
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Fortinet: MSIL/Agent.AES!tr.spy
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.89cfd747c8f05f8b
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Spy
Cyren: W32/Trojan.RINM-1129
eGambit: Unsafe.AI_Score_99%
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Wacatac
Endgame: malicious (high confidence)
Arcabit: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft: Backdoor:MSIL/Remcos!MTB
AhnLab-V3: Trojan/Win32.AgentTesla.C3450450
ALYac: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Malwarebytes: Spyware.AgentTesla.MSIL
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PK419
SentinelOne: DFI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
GData: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Webroot: W32.Trojan.Gen
AVG: FileRepMetagen [Malware]
Avast: FileRepMetagen [Malware]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.PWS.d75

How to remove DeepScan:Generic.MSIL.PasswordStealerD.2B35556A?

DeepScan:Generic.MSIL.PasswordStealerD.2B35556A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
