Shiz.Spyware.Stealer.DDS removal

Many security experts consider Shiz.Spyware.Stealer.DDS dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Shiz.Spyware.Stealer.DDS virus do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Shiz.Spyware.Stealer.DDS?


File Info:

name: 0B1AD275313E597044BE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-08-21 10:28:13

Version Info:

0: [No Data]

Shiz.Spyware.Stealer.DDS also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Shifu.tnsd
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Midie.36171
ClamAV: Win.Trojan.Gamarue-9832405-0
FireEye: Generic.mg.0b1ad275313e5970
CAT-QuickHeal: Backdoor.Simda
McAfee: GenericRXGM-ZQ!0B1AD275313E
Malwarebytes: Shiz.Spyware.Stealer.DDS
VIPRE: Gen:Variant.Midie.36171
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 005228cb1 )
Alibaba: Trojan:Win32/Shifu.195f
K7GW: Spyware ( 005228cb1 )
Cybereason: malicious.5313e5
VirIT: Trojan.Win32.MulDrop7.BENL
Cyren: W32/S-7a16e605!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Shiz.NCR
Zoner: Trojan.Win32.75090
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Banker.Win32.Shifu.eph
BitDefender: Gen:Variant.Midie.36171
NANO-Antivirus: Trojan.Win32.Shiz.dvsrfy
Avast: Win32:Shifu-B [Trj]
Tencent: Trojan.Win32.Shifu.wb
Emsisoft: Gen:Variant.Midie.36171 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.MulDrop7.20629
TrendMicro: TROJ_GEN.R002C0DEN23
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Trapmine: malicious.high.ml.score
Sophos: Mal/Shiz-A
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Spy.Shiz.D
Jiangmin: Trojan.Yakes.akc
Webroot: W32.Infostealer.Shifu
Avira: TR/Dropper.Gen
MAX: malware (ai score=82)
Antiy-AVL: Virus/Win32.Expiro.imp
Xcitium: TrojWare.Win32.Spy.Shiz.NCA@8m98i8
Arcabit: Trojan.Midie.D8D4B
ViRobot: Trojan.Win32.Agent.168448.U
ZoneAlarm: Trojan-Banker.Win32.Shifu.eph
Microsoft: Backdoor:Win32/Simda!rfn
Google: Detected
AhnLab-V3: Trojan/Win.Simda.R580868
BitDefenderTheta: AI:Packer.62D7A7871E
ALYac: Gen:Variant.Midie.36171
TACHYON: Banker/W32.Shifu.140800
VBA32: TrojanBanker.Shifu
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DEN23
Rising: Trojan.Shifu!1.A8EF (CLASSIC)
Yandex: Trojan.GenAsa!zlrAhKZjOyI
Ikarus: SuspectFile
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Shiz.NCR!tr.spy
AVG: Win32:Shifu-B [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Shiz.Spyware.Stealer.DDS?

Shiz.Spyware.Stealer.DDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
