How to remove “PWS:Win32/Fignotok.A”?

PWS:Win32/Fignotok.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Fignotok.A virus do?

  • A process created a hidden window
  • Unconventional language used in binary resources: Spanish (Modern)
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Steals private information from local Internet browsers
  • Network activity detected but not expressed in API logs
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Uses suspicious command line tools or Windows utilities

How to identify PWS:Win32/Fignotok.A?


File Info:

crc32: 3201AA3B
md5: 7f546038acf02c2e877b6ba1173f71ed
name: istealer.exe
sha1: 5356f75c5d6e9051fc2f513f5a7a82f4ffe46714
sha256: 8a6d922be358ae462e32812abc446e22c1d34ddcdb859ad65beee150acae0781
sha512: b15c8f39557c8f2876b2cf87889f8c1359858bbd96c0700ceead4323ab91789f5f6076b729b280892ce38d911f29238e098fcf33250e8fcdecce0771478173f8
ssdeep: 6144:G0PEtTPkAuAfjlJuj3QjgJ6snJZ/RjY07qVyLOyFTzVxh3VAitO8yb8D/3/5:G0m3blK36QhuIOyFHxlAaO8ye3/5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

PWS:Win32/Fignotok.A also known as:

Bkav: W32.OnlineGameFCMLIHA.Trojan
MicroWorld-eScan: Trojan.PWS.Dybalom.B
FireEye: Generic.mg.7f546038acf02c2e
CAT-QuickHeal: Trojan.Fignotok.A
McAfee: BackDoor-ERY
Cylance: Unsafe
VIPRE: Trojan-PSW.Win32.Strpasseal.B (v)
AegisLab: Trojan.Win32.Dybalom.lisc
K7AntiVirus: Password-Stealer ( 004ba0301 )
BitDefender: Trojan.PWS.Dybalom.B
K7GW: Password-Stealer ( 004ba0301 )
Cybereason: malicious.8acf02
TrendMicro: TSPY_FIGNOTOK.B
Baidu: Win32.Trojan.Fignotok.c
F-Prot: W32/Trojan2.MMBV
Symantec: Infostealer
TotalDefense: Win32/Fignotok.AU
Avast: Win32:Crypt-NBV [Trj]
ClamAV: Win.Spyware.75681-2
GData: Trojan.PWS.Dybalom.B
Kaspersky: Trojan-PSW.Win32.Dybalom.dhc
Alibaba: TrojanPSW:Win32/Fignotok.6a7caf4b
NANO-Antivirus: Trojan.Win32.Dapato.daebdr
ViRobot: Trojan.Win32.PSWDybalom.348160
Rising: Trojan.Win32.Fednu.azr (CLASSIC)
Ad-Aware: Trojan.PWS.Dybalom.B
Sophos: Troj/Mdrop-CQE
Comodo: TrojWare.Win32.PSW.Dybalom.~FAT@1v5v1y
F-Secure: Trojan.TR/Spy.Gen
DrWeb: Trojan.DownLoad2.50983
Zillya: Trojan.Dybalom.Win32.2421
Invincea: heuristic
McAfee-GW-Edition: BackDoor-ERY
CMC: Trojan-PSW.Win32.Dybalom!O
Emsisoft: Trojan.PWS.Dybalom.B (B)
Ikarus: Trojan-PWS.Win32.Dybalom
Cyren: W32/Trojan.GGZJ-6488
Jiangmin: Trojan/PSW.Dybalom.tb
Webroot: W32.Rogue.Gen
Avira: TR/Spy.Gen
Antiy-AVL: Trojan[PSW]/Win32.Dybalom
Endgame: malicious (high confidence)
Arcabit: Trojan.PWS.Dybalom.B
SUPERAntiSpyware: Trojan.Agent/Gen-Fignotok
ZoneAlarm: Trojan-PSW.Win32.Dybalom.dhc
Microsoft: PWS:Win32/Fignotok.A
AhnLab-V3: Win-Trojan/Fignotok.401408
Acronis: suspicious
VBA32: TrojanPSW.Fignotok
ALYac: Trojan.PWS.Dybalom.B
MAX: malware (ai score=82)
Malwarebytes: Spyware.PasswordStealer
Panda: Generic Malware
ESET-NOD32: Win32/PSW.Fignotok.H
TrendMicro-HouseCall: TSPY_FIGNOTOK.B
Yandex: Trojan.PWS.Dybalom.Gen
SentinelOne: DFI – Suspicious PE
Fortinet: W32/DROPPER.DYB!tr
AVG: Win32:Crypt-NBV [Trj]
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Win32/Trojan.PSW.86d

How to remove PWS:Win32/Fignotok.A?

PWS:Win32/Fignotok.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
