How to remove “PasswordStealer.Spyware.Stealer.DDS”?

The PasswordStealer.Spyware.Stealer.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PasswordStealer.Spyware.Stealer.DDS virus can do?

Authenticode signature is invalid
Binary compilation timestomping detected

How to determine PasswordStealer.Spyware.Stealer.DDS?


File Info:
name: 8F6260A972627D20264A.mlw
path: /opt/CAPEv2/storage/binaries/5863e3a9b844d4377311d3b5126791d47b4d73070d7a2a6e60bbdf87e0d3ecf3
crc32: 94418897
md5: 8f6260a972627d20264ae21d9a80a559
sha1: 2d71402939bc2dc5732cf6c914d2142c4829401f
sha256: 5863e3a9b844d4377311d3b5126791d47b4d73070d7a2a6e60bbdf87e0d3ecf3
sha512: 376853f5341910c46a6422a1b462c37427a1ff2b69f85274fcae087806ffce0f878a607afcc336d4a86540b0f0d6f18afd6dcd9ebff603e1582579304ca80787
ssdeep: 3072:OmpcjvqySgPAQd4u2IYJFFfKUfWPsaFN96Hki0sMXSl8eN7sXJXucGTSYe:5cWoPAtvZKUfeV6Hk7y8eNYUpS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0245C182BB88A13E26F8BBD91B1029B8B70F103F419F74E5C8CA9F91466742F945F57
sha3_384: 5789c0f0ff8ac584414c23ce542ab6edb531a6c041d63461cb1aa0d74634ef29699de332b06014421e945602fb258041
ep_bytes: ff250020400000000000000000000000
timestamp: 2045-09-18 05:23:13

Version Info:
Translation: 0x0000 0x04b0
Comments: Payload file for Umbral Stealer.
CompanyName: 
FileDescription: 
FileVersion: 0.0.0.0
InternalName: 
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 
ProductName: 
ProductVersion: 0.0.0.0
Assembly Version: 1.0.0.0
AssemblyVersion: 0.0.0.0

PasswordStealer.Spyware.Stealer.DDS also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	IL:Trojan.MSILZilla.27419
Sangfor	Virus.Win32.Save.a
VirIT	Trojan.Win32.Genus.QRS
Cyren	W32/MSIL_Agent.FGE.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/PSW.Agent.SZC
APEX	Malicious
ClamAV	Win.Malware.Msilzilla-10003120-0
Kaspersky	HEUR:Trojan.MSIL.Dizemp.gen
BitDefender	IL:Trojan.MSILZilla.27419
MicroWorld-eScan	IL:Trojan.MSILZilla.27419
Avast	Win32:PWSX-gen [Trj]
Emsisoft	IL:Trojan.MSILZilla.27419 (B)
DrWeb	Trojan.PWS.Stealer.36718
VIPRE	IL:Trojan.MSILZilla.27419
McAfee-GW-Edition	GenericRXVX-YE!8F6260A97262
FireEye	IL:Trojan.MSILZilla.27419
Sophos	Troj/Disteal-AC
Ikarus	Trojan-Spy.Agent
MAX	malware (ai score=85)
Microsoft	Trojan:MSIL/FormBook.CD!MTB
Arcabit	IL:Trojan.MSILZilla.D6B1B
GData	MSIL.Trojan-Stealer.UmbralStealer.B
Google	Detected
AhnLab-V3	Trojan/Win.MalwareX-gen.C5411303
McAfee	GenericRXVX-YE!8F6260A97262
Malwarebytes	PasswordStealer.Spyware.Stealer.DDS
Rising	Stealer.Agent!8.C2 (TFE:dGZlOg1l3z5mcRoTuA)
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/PSW.AGENT.SZC!tr
BitDefenderTheta	Gen:NN.ZemsilF.36250.nm0@ay0uzXi
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

How to remove PasswordStealer.Spyware.Stealer.DDS?

PasswordStealer.Spyware.Stealer.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X