PWS:Win32/Tamenoc.A removal

The PWS:Win32/Tamenoc.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PWS:Win32/Tamenoc.A virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid
Anomalous binary characteristics

How to determine PWS:Win32/Tamenoc.A?


File Info:
name: E2E0DF211C7C92692EE0.mlw
path: /opt/CAPEv2/storage/binaries/a94486d361c9e72446020f1c2fe310ffb8a5c2f4a981f5b95951ecd9a432f0ad
crc32: 7F4639DA
md5: e2e0df211c7c92692ee0918fca18ffde
sha1: ac627a2ed004ead4976366ca30999233464905ff
sha256: a94486d361c9e72446020f1c2fe310ffb8a5c2f4a981f5b95951ecd9a432f0ad
sha512: fb7b79d9b02f4d7c7a6151c910d85a602d9065920e80eff79f75a4e3ee4196beb549428ef355d00eeae2260e0618e2b8435242bae618ff5ef1d742900c992b63
ssdeep: 768:OcHYip4KyUFZbvIBEHjgaWFt6sSfMSQ43sySLslFRHQ5JBquRW6KYRbBoYsE4X/n:OBeUShs1yjkJBqk7p0/wKIU1IxVo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13E43E63BB7810006E55AA23129E7DBEA57337C689F8B5907315A333E1C39F125C66B1B
sha3_384: 7ebcc907ffe1310bd071bd1e23b359b611d9dcff3d90687f3212fe315060cd1d9763bde031ebeaa58447ec6c805a9348
ep_bytes: 68dc134000e8eeffffff000000000000
timestamp: 2009-09-24 14:21:32

Version Info:
Translation: 0x0409 0x04b0
CompanyName: HOME
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: stub
OriginalFilename: stub.h7labs

PWS:Win32/Tamenoc.A also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
ClamAV	Win.Malware.Tspy-6804793-0
FireEye	Generic.mg.e2e0df211c7c9269
CAT-QuickHeal	Trojan.VBCrypt.MF.6749
McAfee	GenericRXAA-AA!E2E0DF211C7C
Zillya	Trojan.VB.Win32.18976
Sangfor	Suspicious.Win32.Save.vb
Cybereason	malicious.ed004e
BitDefenderTheta	Gen:NN.ZevbaF.36662.dm0@aujxS2pi
VirIT	Trojan.Win32.VB.BAW
Cyren	W32/VBInject.CC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/PSW.VB.NDI
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.Win32.VB.baw
NANO-Antivirus	Trojan.Win32.Agent.ecvsbx
Avast	Win32:VB-AAHT [Trj]
Sophos	Troj/VB-EKR
Baidu	Win32.Trojan.VB.ez
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.PWS.Siggen.29701
TrendMicro	TSPY_VB.JKC
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.PSW.VB.ap
Webroot	W32.Infostealer.Gen
Avira	TR/Dropper.Gen
Xcitium	TrojWare.Win32.PSW.VB.NDI0@1i157v
ZoneAlarm	Trojan-PSW.Win32.VB.baw
Microsoft	PWS:Win32/Tamenoc.A
Google	Detected
VBA32	SScope.Trojan.VBO.050
Cylance	unsafe
TrendMicro-HouseCall	TSPY_VB.JKC
Rising	Stealer.Tamenoc!8.144FA (TFE:3:1laLUkRSpq)
Yandex	Trojan.GenAsa!lruPPAjkeUE
Ikarus	Trojan-PWS.Win32.VB
AVG	Win32:VB-AAHT [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove PWS:Win32/Tamenoc.A?

PWS:Win32/Tamenoc.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X