PWS:Win32/Deathmin.H removal guide

Many security experts consider PWS:Win32/Deathmin.H dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Deathmin.H virus do?

  • Possible date expiration check: exits too soon after checking local time
  • Unconventional language used in binary resources: Russian
  • Installs itself for autorun at Windows startup
  • A process sent information about the computer to a remote location
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
monarchp.org

How to identify PWS:Win32/Deathmin.H?


File Info:

crc32: 4D23955C
md5: d29dcf1eb867559e21069cf66484b79c
name: D29DCF1EB867559E21069CF66484B79C.mlw
sha1: ee347cb34ef4c30d9dcc53a950d381b2adddf41b
sha256: 3bba5177efbb525587ad2b83d81e4d4ee1d2d06486409380e9efea9b43da9a1d
sha512: 40b7ee8a4e9f2fff0eee44bd8a599214d2528c93373b6f789f9ff0b5154efc5711ed9cd8c0413f3a208c562298db9ca479f36298911762b032db8733c7f5aca4
ssdeep: 768:D+yUqQ1sz5zqjDQXaskNbKON53FcqgjKwCYG/wrmKjoRKHjV05EhQ3c3788i:KyUqQ1s9/ErxgjKuUwea0U5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

PWS:Win32/Deathmin.H also known as:

K7AntiVirus: Trojan ( 7000000f1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.MLD
Cynet: Malicious (score: 100)
ALYac: Trojan.Pws.Deathmin.F
Cylance: Unsafe
Zillya: Trojan.Deathmin.Win32.9
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
Alibaba: TrojanPSW:Win32/Deathmin.78060327
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.eb8675
Cyren: W32/Deathmin.HDQS-1807
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Deathmin
APEX: Malicious
Avast: Win32:Deathmin [Trj]
Kaspersky: Trojan-PSW.Win32.Delf.ev
BitDefender: Trojan.Pws.Deathmin.F
NANO-Antivirus: Trojan.Win32.Deathmin.gyyy
MicroWorld-eScan: Trojan.Pws.Deathmin.F
Tencent: Win32.Trojan-qqpass.Qqrob.Wqmv
Ad-Aware: Trojan.Pws.Deathmin.F
Sophos: ML/PE-A
Comodo: Malware@#1ufcp366p8buz
BitDefenderTheta: AI:Packer.5B03CE341F
VIPRE: BehavesLike.Win32.Malware.ssc (mx-v)
McAfee-GW-Edition: BehavesLike.Win32.Wabot.kh
FireEye: Generic.mg.d29dcf1eb867559e
Emsisoft: Trojan.Pws.Deathmin.F (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/PSW.Deathmin.b
Avira: TR/Redcap.coenv
Antiy-AVL: Trojan/Generic.ASMalwS.BD2B5
Microsoft: PWS:Win32/Deathmin.H
Arcabit: Trojan.Pws.Deathmin.F
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Pws.Deathmin.F
Acronis: suspicious
McAfee: PWS-MLD.a
MAX: malware (ai score=100)
VBA32: suspected of Trojan-PSW.Delf.18
Malwarebytes: Malware.AI.371443649
Panda: Trj/Deathmin.B
Rising: Trojan.Generic@ML.96 (RDML:j8x2MxHgpo2mJBhSmv2cYA)
Ikarus: Backdoor.Win32.IRCBot
eGambit: Generic.Malware
Fortinet: W32/Deathmin.F!tr.pws
AVG: Win32:Deathmin [Trj]
Qihoo-360: Win32/TrojanPSW.Generic.HwUBEpsA

How to remove PWS:Win32/Deathmin.H?

PWS:Win32/Deathmin.H removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
