Should I remove “Generic.PySpy.A.D6870762”?

Generic.PySpy.A.D6870762 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.PySpy.A.D6870762 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to determine Generic.PySpy.A.D6870762?


File Info:

name: 105FE112034174AD5ED2.mlw
path: /opt/CAPEv2/storage/binaries/0032548d7739c73c361348695916e442013bc957c2989eeda775cb5a50b956ab
crc32: 63C5A800
md5: 105fe112034174ad5ed2a7d7eaf62f1a
sha1: 0bb93e9eaffc944e4dee02c43a3642e5463b4dd7
sha256: 0032548d7739c73c361348695916e442013bc957c2989eeda775cb5a50b956ab
sha512: a1d2dab7235161e9289e1d2dbb00c7f138443d1c9e64c0cefda80386d0c8667163bae4aef17c454ef60a86c8e1fc347cb21f03c4d79da98cad304b3e9d8984ac
ssdeep: 196608:NsSfQICteEroXx7IP0oTcMsABqlcdgQs7CF46s:/QInEroXOMogFABqydHs7C6j
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T152663348B7580ED4ED669D3449E10C35D472BB724BE0D38B4F7CA6621FEF6902E6AB40
sha3_384: e71b8f606d910d4761869bd8f83e8b57cdd63c707f3c21e085ddf44dcae2d301739f2c6a2ee7b431d587829b7ff98b93
ep_bytes: 4883ec28e8f70400004883c428e972fe
timestamp: 2021-11-09 18:03:59

Version Info:

0: [No Data]

Generic.PySpy.A.D6870762 also known as:

DrWeb: Python.Stealer.194
MicroWorld-eScan: Generic.PySpy.A.D6870762
FireEye: Generic.mg.105fe112034174ad
McAfee: Artemis!105FE1120341
Cylance: Unsafe
Zillya: Trojan.Agent.Script.1642598
Cyren: PYC/Disgrab.B.gen!Camelot
ESET-NOD32: Python/PSW.Agent.BP
Kaspersky: UDS:Trojan-PSW.Win64.Disco.gen
BitDefender: Generic.PySpy.A.D6870762
Avast: Python:PWStealer-A [Spy]
Ad-Aware: Generic.PySpy.A.D6870762
Emsisoft: Generic.PySpy.A.D6870762 (B)
McAfee-GW-Edition: BehavesLike.Win64.Ransom.vc
Ikarus: Trojan-Spy.Python.Disgrab
GData: Generic.PySpy.A.D6870762
Jiangmin: Trojan.Agentb.kqi
Avira: HEUR/AGEN.1141794
Antiy-AVL: Trojan[PSW]/Python.Agent
Arcabit: Generic.PySpy.A.DD68D6EA
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
ALYac: Generic.PySpy.A.D6870762
MAX: malware (ai score=85)
Malwarebytes: Spyware.DiscordStealer.Python
Fortinet: Python/Agent.BP!tr
AVG: Python:PWStealer-A [Spy]

How to remove Generic.PySpy.A.D6870762?

Generic.PySpy.A.D6870762 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
