
Should I remove “Spyware.KeyBase”?


Many security experts consider Spyware.KeyBase dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Spyware.KeyBase virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Network activity detected but not expressed in API logs
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients

How to identify Spyware.KeyBase?


File Info:

crc32: 950E5748
md5: 2840288c34a6fe8b9ff0dddc96c8f319
name: securefile.exe
sha1: 603427314dd2c13f3ee19571f892675ce65843d5
sha256: a88f94d1c96b0224ac11dd7bcc922173877b9f6a9442b083c3fdca3d40dd1c65
sha512: ed463b6656176db4b51814f8be0b9ed6491c35b5714e5a122aa7d908f8a0b2f05ca5f7e29a36b8c473a0346cd85cdefcad60d6d866f709567e4387831d547af9
ssdeep: 12288:qiNZ2x2tHNOjLM9GbH2Hk84BYGAKEWOwH7+LPaHG:qiNZ2kNOjLgGr2Hk5Y5WOa+2HG
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: securefile.exe
FileVersion: 9.1.1.0
CompanyName: Microsoft GmbH
Comments: Payment
ProductVersion: 9.1.1.0
FileDescription: invoice
OriginalFilename: securefile.exe

Spyware.KeyBase also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Kazy.621240
CAT-QuickHeal: Trojan.MsilFC.S6049614
McAfee: Trojan-FKOB!2840288C34A6
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.m41D
Sangfor: Malware
K7AntiVirus: Trojan ( 0053564e1 )
BitDefender: Gen:Variant.Kazy.621240
K7GW: Trojan ( 0053564e1 )
Cybereason: malicious.c34a6f
Arcabit: Trojan.Kazy.D97AB8
Invincea: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-PSW.MSIL.BrowserThief.h
Alibaba: Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus: Trojan.Win32.BrowserThief.dztlwz
Tencent: Msil.Trojan-qqpass.Qqrob.Hqlk
Ad-Aware: Gen:Variant.Kazy.621240
Emsisoft: Trojan.Injector (A)
Comodo: Malware@#i5lohd2irsg7
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.PWS.Stealer.15155
TrendMicro: TROJ_GEN.R002C0PJM20
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.2840288c34a6fe8b
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Injector
Jiangmin: Trojan.PSW.MSIL.avlw
MaxSecure: Trojan.Malware.8438847.susgen
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Ymacco.AA8D
ZoneAlarm: Trojan-PSW.MSIL.BrowserThief.h
GData: MSIL.Trojan-Spy.Asomallog.MH8M6A
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZemsilF.34590.Qm0@a4bqged
ALYac: Trojan.Agent.MSIL.Injector
Malwarebytes: Spyware.KeyBase
Panda: Trj/CI.A
ESET-NOD32: a variant of MSIL/Injector.IYV
TrendMicro-HouseCall: TROJ_GEN.R002C0PJM20
SentinelOne: DFI – Malicious PE
eGambit: Trojan.Generic
Fortinet: MSIL/Agent.ADR!tr.spy
Webroot: W32.Trojan.MSIL.BrowserThief
AVG: Win32:KeyloggerX-gen [Trj]
Avast: Win32:KeyloggerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Generic/Trojan.PSW.3dc

How to remove Spyware.KeyBase?

Spyware.KeyBase removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
