PWS:Win32/Skeeyah removal

PWS:Win32/Skeeyah is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the PWS:Win32/Skeeyah virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Attempts to identify installed AV products by installation directory

How to identify PWS:Win32/Skeeyah?

File Info:

name: A9D63BF8FC69FB58BCE5.mlw
path: /opt/CAPEv2/storage/binaries/91374f78d11bdb0683f8145ef38645b4c1a5278d89fc07c5d8e94474c079b36f
crc32: 842C706D
md5: a9d63bf8fc69fb58bce5c1f8f13a644e
sha1: e7a81db29203fe5b0b6ea0b1a0c4370ed0faff0b
sha256: 91374f78d11bdb0683f8145ef38645b4c1a5278d89fc07c5d8e94474c079b36f
sha512: 28d19a44527db7d64c00e78299a1196c50e2004d96cba0a51742ad2153a392d69ccccd9d9f95a630f14a2f90980f877000c2c0ea6939d90a8e54dcf9a6439cb1
ssdeep: 768:TGpshozTR4HcBeflNokGmveyhFpVhR1mVBmQ3Jh4:ad4HUylN5GmDFU8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16263510533F94414E6AB3BB61AB7861087B3F5969A35DD1F098EA08B0FA3F425D50F72
sha3_384: 8345eb620f1d03ff5980cccdb820271426968eab77cd80f131712d7d5eb9c823ad54831616f8aece461105e455ab1095
ep_bytes: ff25002040003c003e002f0062007400
timestamp: 2017-02-24 19:09:47

Version Info:

Translation: 0x0000 0x04b0
Comments: Symantec 390
CompanyName: Symantec
FileDescription: Symantec End Protection
FileVersion: 1.0.0.0
InternalName: programs11.exe
LegalCopyright: Copyright © 2019
LegalTrademarks:
OriginalFilename: programs11.exe
ProductName: Symantec 390 Protection
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

PWS:Win32/Skeeyah is also known as (vendor: detection name):

Bkav: W32.AIDetectNet.01
Lionic: Trojan.MSIL.KeyLogger.l!c
MicroWorld-eScan: Gen:Variant.MSILPerseus.74256
FireEye: Generic.mg.a9d63bf8fc69fb58
CAT-QuickHeal: Trojan.GenericFC.S6060125
ALYac: Gen:Variant.MSILPerseus.74256
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
Alibaba: TrojanSpy:MSIL/IrcGhost.bc071035
K7GW: Trojan ( 700000121 )
Cybereason: malicious.8fc69f
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/IRCBot.EA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.MSIL.KeyLogger.gen
BitDefender: Gen:Variant.MSILPerseus.74256
NANO-Antivirus: Trojan.Win32.IrcGhost.emenld
Avast: MSIL:IRCBot-G [Trj]
Tencent: Win32.Trojan.Spy.Lpva
Ad-Aware: Gen:Variant.MSILPerseus.74256
Emsisoft: Gen:Variant.MSILPerseus.74256 (B)
Comodo: Malware@#3kbc4k9y5zdag
DrWeb: Trojan.Siggen6.63994
Zillya: Trojan.IrcGhost.Win32.19
TrendMicro: TROJ_FRS.0NA103C320
McAfee-GW-Edition: GenericRXBC-HX!A9D63BF8FC69
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R + Troj/IrcGhost-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.MSILPerseus.74256
Jiangmin: TrojanSpy.MSIL.atma
Webroot: W32.Trojan.MSIL.IrcGhost
Avira: TR/Spy.Gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.MSILPerseus.D12210
ZoneAlarm: HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Microsoft: PWS:Win32/Skeeyah
Cynet: Malicious (score: 99)
Acronis: suspicious
McAfee: GenericRXBC-HX!A9D63BF8FC69
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.1158878973
TrendMicro-HouseCall: TROJ_FRS.0NA103C320
Yandex: Trojan.IRCBot!2/Akm0nqhis
Ikarus: Trojan.MSIL.IRCBot
Fortinet: MSIL/Generic.AP.46D5B6!tr
BitDefenderTheta: Gen:NN.ZemsilF.34742.em0@a88IQBn
AVG: MSIL:IRCBot-G [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove PWS:Win32/Skeeyah?

PWS:Win32/Skeeyah removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.