Malware

Troj/Steale-DB removal instruction

Malware Removal

The Troj/Steale-DB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Troj/Steale-DB virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to determine Troj/Steale-DB?



File Info:

crc32: 6DF93176
md5: 688eeac27cb044e0fcd0c570b252fe0d
name: sunnyz.exe
sha1: d34ac5a96466330ab8a4b3bc2c47b868067c2744
sha256: b19c3595551681f800d91571357b86e048138d6d3b8b54ae607fe55cc876b3af
sha512: c5e8852c716fc3ceb15c95132ab1ad45262fd7d33b623bd38fc0d3a9472c51713f8c314dc70f8dacf88d89349cfcecde0ea43deb952b052b767ca0162d17899f
ssdeep: 12288:BNML1v2ExEdbNGI5BP7jbm2OeR/JyZ1NywEnBYVLNdm:Wv/xYII/7jbm2DQcwGBsD
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2019
Assembly Version: 1.1.8.0
InternalName: SimpleSharp.exe
FileVersion: 1.1.8
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: SimpleSharp
ProductVersion: 1.1.8
FileDescription: SimpleSharp
OriginalFilename: SimpleSharp.exe

Troj/Steale-DB also known as:

DrWebTrojan.PWS.Stealer.27520
MicroWorld-eScanTrojan.GenericKD.32764443
FireEyeGeneric.mg.688eeac27cb044e0
ALYacTrojan.GenericKD.32764443
MalwarebytesTrojan.MalPack
SangforMalware
K7AntiVirusTrojan ( 0055c5b61 )
BitDefenderTrojan.GenericKD.32764443
K7GWTrojan ( 0055c5b61 )
CrowdStrikewin/malicious_confidence_80% (W)
Invinceaheuristic
BitDefenderThetaGen:NN.ZemsilF.32515.Fm0@auyTqSn
F-ProtW32/Trojan.SW.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
GDataTrojan.GenericKD.32764443
KasperskyHEUR:Trojan-Spy.MSIL.Stealer.gen
AlibabaTrojanSpy:MSIL/Kryptik.11d1f6b9
AegisLabTrojan.MSIL.Stealer.l!c
Ad-AwareTrojan.GenericKD.32764443
SophosTroj/Steale-DB
F-SecureTrojan.TR/Kryptik.eluqt
McAfee-GW-EditionBehavesLike.Win32.Generic.gc
Trapminemalicious.high.ml.score
IkarusTrojan.MSIL.Krypt
CyrenW32/Trojan.SW.gen!Eldorado
JiangminTrojanSpy.MSIL.ajww
WebrootW32.Trojan.Gen
AviraTR/Kryptik.eluqt
Endgamemalicious (high confidence)
ArcabitTrojan.Generic.D1F3F21B
ZoneAlarmHEUR:Trojan-Spy.MSIL.Stealer.gen
MicrosoftBackdoor:MSIL/Bladabindi!MTB
AhnLab-V3Trojan/Win32.RL_Inject.C3600236
Acronissuspicious
McAfeeRDN/Generic.hbg
VBA32TScope.Trojan.MSIL
CylanceUnsafe
PandaTrj/CI.A
ESET-NOD32a variant of MSIL/Kryptik.TWN
TrendMicro-HouseCallTROJ_FRS.VSNTKS19
SentinelOneDFI – Malicious PE
FortinetMSIL/Kryptik.TWN!tr
AVGFileRepMetagen [Malware]
Cybereasonmalicious.964663
Paloaltogeneric.ml
Qihoo-360Win32/Trojan.Spy.67f

How to remove Troj/Steale-DB?

Troj/Steale-DB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment