How to remove “Trojan-PSW.Win32.Coins.pef”?

The Trojan-PSW.Win32.Coins.pef is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-PSW.Win32.Coins.pef virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan-PSW.Win32.Coins.pef?


File Info:
name: AD35AC8883414CA1FF0D.mlw
path: /opt/CAPEv2/storage/binaries/b917a7440e3bc9ecca8dffe41ca90e3873c654708fa9aa8261642fa924a18a65
crc32: B903AC85
md5: ad35ac8883414ca1ff0d7603b6001b89
sha1: 0421a145dc693d2da57f271a884a56de042ba1d3
sha256: b917a7440e3bc9ecca8dffe41ca90e3873c654708fa9aa8261642fa924a18a65
sha512: 902d7bf1625dd7210bb98edbb160ad6b6eae962873310e57adb64ceba3f9dd1b980293d358ef6ad61ce85e4f9702278f998ad65664f711fbaa33adf9a02cc0ff
ssdeep: 49152:CFgvHZHlAAAnK7BnEJHdYi0O1pzQlucgIhCiP1k4zAl38HY/sYcwGYuJmMnFpWCl:CFgvHIAAF1pzSYII0ABY9bchgHO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10E263840F9DB84F6EA03553048A7D2AF27306D094F35DB87EB64BF6AE8776A10D32119
sha3_384: 974d8bb306fd8a702b0b9ccc3902707ec497e6ad94f2ffa7e063d6a911e81ca94a07d89cc6cf67b342f2aa3139c73035
ep_bytes: e91bddffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

Trojan-PSW.Win32.Coins.pef also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Coins.4!c
McAfee	Artemis!AD35AC888341
Sangfor	Trojan.Win32.Agent.Vryg
Cyren	W32/ABRisk.DBNF-3693
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-PSW.Win32.Coins.pef
Avast	Win32:Malware-gen
Tencent	Win32.Trojan-QQPass.QQRob.Hplw
F-Secure	Trojan.TR/Crypt.XPACK.Gen
TrendMicro	Backdoor.Win32.COBEACON.YXDFIZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.rh
Sophos	Generic Reputation PUA (PUA)
GData	Win32.Trojan.CobaltStrike.TBUDYC
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan[PSW]/Win32.Coins
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.pef
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
VBA32	BScope.TrojanRansom.Convagent
Cylance	unsafe
TrendMicro-HouseCall	Backdoor.Win32.COBEACON.YXDFIZ
Rising	Trojan.Generic@AI.100 (RDML:rRe4bqxr1QBdjpNR4y9KcA)
Ikarus	Trojan.Cometer
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan-PSW.Win32.Coins.pef?

Trojan-PSW.Win32.Coins.pef removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X