Malware

PWS:Win32/Fareit.AC removal guide

Malware Removal

The PWS:Win32/Fareit.AC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PWS:Win32/Fareit.AC virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Queries information on disks, possibly for anti-virtualization
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Creates a copy of itself
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed mail clients
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
myp0nsite.ru

How to determine PWS:Win32/Fareit.AC?



File Info:

crc32: 862CD8E3
md5: 356f010095c1787dc7ec7ed3c61e2f97
name: 356F010095C1787DC7EC7ED3C61E2F97.mlw
sha1: d3259caf29e7fdac82cad207e2f186ceb2a4e71b
sha256: f91d7c667923b3dab5392918c0b2add2810907c2127cca34b0f3c304b7c84798
sha512: b4b2271119f09967264b515d6d606f47af6c9c213b8c47d758f58946725244f480c63903723560b39cec265e6dc9da4d18af81a449970cbb967a210892cc503c
ssdeep: 12288:zGrIqwXKClPyvWQdsJn2jea0buqHpeAugtz/TFftxCL/SxZW3U7tvxC+esTCmdp:z7DPyPuIqRugNFF+Uf2mdpb2a2wn
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (C) 2000-2016 by Bitvise Limited.
InternalName: BvSshClient
FileVersion: 7.15.0.0
CompanyName: Bitvise Limited
PrivateBuild: 
LegalTrademarks: 
Comments: 
ProductName: Bitvise SSH Client
SpecialBuild: 
ProductVersion: 7.15
FileDescription: Bitvise SSH Client
OriginalFilename: BvSsh.exe
Translation: 0x0409 0x04b0

PWS:Win32/Fareit.AC also known as:

BkavW32.AIDetectVM.malware1
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Stealer.17779
MicroWorld-eScanDeepScan:Generic.PonyStealer.AFE9BC07
FireEyeGeneric.mg.356f010095c1787d
ALYacDeepScan:Generic.PonyStealer.AFE9BC07
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusTrojan ( 0052d4b21 )
BitDefenderDeepScan:Generic.PonyStealer.AFE9BC07
K7GWTrojan ( 0052d4b21 )
Cybereasonmalicious.095c17
BitDefenderThetaGen:NN.ZexaCO.34804.eT0aauB!!9ek
CyrenW32/Injector.JD.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastWin32:Malware-gen
ClamAVWin.Dropper.LokiBot-9816086-0
KasperskyHEUR:Trojan-PSW.Win32.Fareit.vho
NANO-AntivirusTrojan.Win32.Agent.emqpxs
TencentWin32.Trojan.Generic.Ljat
Ad-AwareDeepScan:Generic.PonyStealer.AFE9BC07
EmsisoftDeepScan:Generic.PonyStealer.AFE9BC07 (B)
ComodoTrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
F-SecureHeuristic.HEUR/AGEN.1105366
TrendMicroTROJ_GEN.USGC2317
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
SophosML/PE-A + Troj/Fareit-CFF
IkarusTrojan.Win32.PSW
AviraHEUR/AGEN.1105366
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftPWS:Win32/Fareit.AC
ArcabitDeepScan:Generic.PonyStealer.AFE9BC07
ZoneAlarmHEUR:Trojan-PSW.Win32.Fareit.vho
GDataDeepScan:Generic.PonyStealer.AFE9BC07
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Abnores.R194460
Acronissuspicious
McAfeeArtemis!356F010095C1
MAXmalware (ai score=89)
VBA32BScope.TrojanPSW.Tepfer
MalwarebytesMalware.AI.2925966767
PandaTrj/CI.A
ESET-NOD32Win32/PSW.Fareit.A
TrendMicro-HouseCallTROJ_GEN.USGC2317
RisingTrojan.Injector!8.C4 (TFE:5:jNt8DRmsOvI)
YandexTrojan.GenAsa!1CEInBQq9Pk
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_99%
FortinetW32/Fareit.A!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_90% (D)
Qihoo-360Win32/Trojan.PSW.a88

How to remove PWS:Win32/Fareit.AC?

PWS:Win32/Fareit.AC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment