Trojan-Banker.Win32.BlueShai removal instruction

The Trojan-Banker.Win32.BlueShai is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Banker.Win32.BlueShai virus can do?

Sample contains Overlay data
Authenticode signature is invalid
CAPE detected the Sakula malware family

How to determine Trojan-Banker.Win32.BlueShai?


File Info:
name: 019F0A87039383BFCB6E.mlw
path: /opt/CAPEv2/storage/binaries/c20dba09e7a9baa7b63f697f290a557419968daa933c6d74bc9994955af34581
crc32: 20926B58
md5: 019f0a87039383bfcb6e565604e722cc
sha1: d6f959e7c3df2fbd6d65c508735efc070e83f8c6
sha256: c20dba09e7a9baa7b63f697f290a557419968daa933c6d74bc9994955af34581
sha512: 8fb142e081f3ffc9aa6d46ba03c0888c186f94cf28374c406bc4f7ba9e9d0d5595720c487e5b12299f967fd05560b6fac7b6188bc2ede5052fc34342a1f92f93
ssdeep: 1536:bQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+8es5mz30rtr:M29DkEGRQixVSjLwes5W30B
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T191D37C11B9C1C072E00510346969D7B35B7F752217B8D997BB841FBEBE613C09A3BACA
sha3_384: 2536722fc0bd67fc2204a8bbc9dd9703e3ec890c3476838c33c354367aa252cf5b9316d989508cea39232515dfdf3d54
ep_bytes: eb0333c04050eb1c83f803750b56e853
timestamp: 2013-02-05 04:03:07

Version Info:
0: [No Data]

Trojan-Banker.Win32.BlueShai also known as:

Bkav	W32.AIDetect.malware1
MicroWorld-eScan	Gen:Trojan.Heur.iuZ@XUj6jqg
ClamAV	Win.Malware.Scar-6745903-0
FireEye	Generic.mg.019f0a87039383bf
ALYac	Gen:Trojan.Heur.iuZ@XUj6jqg
Cylance	Unsafe
Zillya	Trojan.BlueShai.Win32.1
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Baidu	Win32.Trojan.Shyape.a
Symantec	Trojan.Sakurel
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Banker.Win32.BlueShai.gen
BitDefender	Gen:Trojan.Heur.iuZ@XUj6jqg
Avast	Win32:Evo-gen [Trj]
Ad-Aware	Gen:Trojan.Heur.iuZ@XUj6jqg
Emsisoft	Gen:Trojan.Heur.iuZ@XUj6jqg (B)
VIPRE	Gen:Trojan.Heur.iuZ@XUj6jqg
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Sakurel.B
Avira	TR/Patched.Ren.Gen
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Generic.ASMalwS.654A
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
Acronis	suspicious
McAfee	GenericRXAA-AA!019F0A870393
Malwarebytes	Generic.Trojan.Malicious.DDS
Rising	Trojan.Shyape!1.A74F (CLASSIC)
Ikarus	Trojan.Win32.Sakurel
MaxSecure	Trojan.Malware.11717402.susgen
BitDefenderTheta	AI:Packer.183C281E1B
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.703938

How to remove Trojan-Banker.Win32.BlueShai?

Trojan-Banker.Win32.BlueShai removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X