Spyware.BluStealer.MSIL removal instruction

The Spyware.BluStealer.MSIL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Spyware.BluStealer.MSIL virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Spyware.BluStealer.MSIL?


File Info:
name: BCC8A8F50CD950EF1078.mlw
path: /opt/CAPEv2/storage/binaries/42961ee24a5533aea83ce1b49c90aa4446a5e2e912692838bd6bcf6ca5e43221
crc32: DA29E95A
md5: bcc8a8f50cd950ef1078e76d51accd30
sha1: b41a3d1faba65111b32d77ddd6a7bf0ea01a4d10
sha256: 42961ee24a5533aea83ce1b49c90aa4446a5e2e912692838bd6bcf6ca5e43221
sha512: 6859a6f09f2473ef162820a68aa351b49f94424de55d202c5d9892a9bf38ba6ccb6a810e5ef4af81a7e33f0e32a179434dac98e61fc2937143531c65eb21faec
ssdeep: 24576:nkrna0WsDcWIWDh4Rn5aMv+FZACCbhU4:Gp/DDmuMIgb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A25128733AC8B17D8BE97F0FC5604944BB6660AA992D7DC0C9128DF0D74B8109A777B
sha3_384: 55d394cc6bdebfa05000b4f5c647e328e2e830b9cd85be67f4c21d655cc1b1322185aaec572116e89b1f40f3bb3b833f
ep_bytes: ff250020400001000000000000000200
timestamp: 2022-08-26 07:29:06

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: GLOKON Limited
FileDescription: Configurator
FileVersion: 1.0.0.0
InternalName: JhqvExc.exe
LegalCopyright: Copyright © GLOKON Limited 2014
LegalTrademarks: GLOKON
OriginalFilename: JhqvExc.exe
ProductName: Configurator
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Spyware.BluStealer.MSIL also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Variant.Lazy.237903
FireEye	Gen:Variant.Lazy.237903
ALYac	Gen:Variant.Lazy.237903
VIPRE	Gen:Variant.Lazy.237903
Cyren	W32/MSIL_Kryptik.HYA.gen!Eldorado
Symantec	Scr.Malcode!gdn34
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AGFU
TrendMicro-HouseCall	TROJ_GEN.F0D1C00HQ22
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender	Gen:Variant.Lazy.237903
Cynet	Malicious (score: 100)
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Gen:Variant.Lazy.237903
Emsisoft	Gen:Variant.Lazy.237903 (B)
F-Secure	Trojan.TR/Kryptik.pmpih
DrWeb	Trojan.PackedNET.1429
McAfee-GW-Edition	BehavesLike.Win32.BadFile.dc
SentinelOne	Static AI – Malicious PE
Trapmine	malicious.high.ml.score
Sophos	Troj/Krypt-PO
APEX	Malicious
GData	Gen:Variant.Lazy.237903
Avira	TR/Kryptik.pmpih
Arcabit	Trojan.Lazy.D3A14F
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.PWSX-gen.C5228496
McAfee	Artemis!BCC8A8F50CD9
MAX	malware (ai score=88)
VBA32	OScope.Trojan.MSIL.Remcos.gen
Malwarebytes	Spyware.BluStealer.MSIL
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.FXRD!tr
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Spyware.BluStealer.MSIL?

Spyware.BluStealer.MSIL removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X