Malware

How to remove “MSIL/PSW.CoinStealer.W”?

Malware Removal

The MSIL/PSW.CoinStealer.W is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/PSW.CoinStealer.W virus can do?

  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to determine MSIL/PSW.CoinStealer.W?



File Info:

crc32: 7BD7646A
md5: f85df5f985a5c31d16ead22e671a8595
name: F85DF5F985A5C31D16EAD22E671A8595.mlw
sha1: 52cc0528ac56e7c8b0778b1fe3cdc128a57f3eae
sha256: 5d4657f1c854f9e7684b2a4164f71b89cde0b0a9bc3c52f67a0fcbd8d4f5d306
sha512: edcc13620e5e55b390088b875845f9d1b16e2d05eb97c85d812171a75f53e9227f54c6eef07e71107a8b1f1ff64c2b7eb6f03b7a347a98b7e2b0331e66cae068
ssdeep: 192:qaiV1N9aCAa1my3CrqZIqm7SzRxkOJd1whbOXPcPWsN:qaiDN8CD3SrqZfEixkw1C5Ws
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 Microsoft 2021
Assembly Version: 1.0.0.0
InternalName: Windows Logon Application.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
ProductName: Windows Logon Application
ProductVersion: 1.0.0.0
FileDescription: Windows Logon Application
OriginalFilename: Windows Logon Application.exe

MSIL/PSW.CoinStealer.W also known as:

MicroWorld-eScanGen:Variant.MSIL.Lynx.48
ALYacGen:Variant.MSIL.Lynx.48
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
BitDefenderGen:Variant.MSIL.Lynx.48
K7GWTrojan ( 700000121 )
Cybereasonmalicious.985a5c
BitDefenderThetaGen:NN.ZemsilF.34590.am0@a0C4J!l
ESET-NOD32a variant of MSIL/PSW.CoinStealer.W
APEXMalicious
AvastWin32:PWSX-gen [Trj]
KasperskyHEUR:Trojan.Win32.Generic
RisingSpyware.ClipBanker!1.B627 (CLASSIC)
Ad-AwareGen:Variant.MSIL.Lynx.48
EmsisoftGen:Variant.MSIL.Lynx.48 (B)
F-SecureHeuristic.HEUR/AGEN.1128535
DrWebTrojan.ClipBankerNET.19
TrendMicroTSPY_COINSTEAL.SM2
FireEyeGen:Variant.MSIL.Lynx.48
AviraHEUR/AGEN.1128535
MicrosoftTrojan:Script/Phonzy.A!ml
ArcabitTrojan.MSIL.Lynx.48
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataMSIL.Trojan.ClipBanker.C
CynetMalicious (score: 85)
MAXmalware (ai score=89)
PandaTrj/GdSda.A
TrendMicro-HouseCallTSPY_COINSTEAL.SM2
FortinetMSIL/CoinStealer.W!tr
AVGWin32:PWSX-gen [Trj]

How to remove MSIL/PSW.CoinStealer.W?

MSIL/PSW.CoinStealer.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment