How to remove “PWS:Win32/Tibia.W”?

PWS:Win32/Tibia.W is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Tibia.W virus do?

  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify PWS:Win32/Tibia.W?

File Info:

name: F8729AC6BB76934859AC.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

PWS:Win32/Tibia.W also known as:


How to remove PWS:Win32/Tibia.W?

PWS:Win32/Tibia.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
