How to remove “Python/PSW.Agent.J”?

Python/PSW.Agent.J is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Python/PSW.Agent.J virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • CAPE detected the PyInstaller malware family
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Python/PSW.Agent.J?

File Info:

name: CB7EA0CFE41E11DE8467.mlw
path: /opt/CAPEv2/storage/binaries/91b5cbf11e8e743bd92adfe979d7512e5c9807a0b3d62d596b0bb4f27c991a3b
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2020-01-05 12:16:15

Version Info:

0: [No Data]

Python/PSW.Agent.J is also known as:

Bkav: W32.AIDetectMalware
Skyhigh: BehavesLike.Win32.BadFile.tc
McAfee: Artemis!CB7EA0CFE41E
Alibaba: TrojanPSW:Win32/Stealer.ec3a9ced
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
ESET-NOD32: Python/PSW.Agent.J
APEX: Malicious
Kaspersky: Trojan-PSW.Win32.Stealer.dkb
Avast: FileRepMalware [Trj]
Tencent: Win32.Trojan-QQPass.QQRob.Bkjl
F-Secure: Trojan.TR/Spy.GG
Avira: TR/Spy.GG
ZoneAlarm: Trojan-PSW.Win32.Stealer.dkb
Cynet: Malicious (score: 99)
Fortinet: Riskware/LaZagne
AVG: FileRepMalware [Trj]
DeepInstinct: MALICIOUS

How to remove Python/PSW.Agent.J?

Python/PSW.Agent.J removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
