Trojan-PSW.Win32.Pycoon.bz removal tips

Trojan-PSW.Win32.Pycoon.bz is Kaspersky's name for a password-stealing trojan (the PSW class). The sample analysed below harvests credentials from local FTP and mail clients, probes for installed antivirus products and for virtual machines, and carries CCleaner version information so that it passes for a legitimate Piriform binary, although its Authenticode signature does not validate. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
6-day free trial available.

What can Trojan-PSW.Win32.Pycoon.bz do?

The items below are the CAPE sandbox signatures that fired when this sample was detonated. They record what the file did inside the analysis VM, not necessarily everything it does on a victim machine:
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by installation directory
  • Attempts to identify installed AV products by registry key
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Detects VMware through the presence of a registry key
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients
  • Attempts to create or modify system certificates
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan-PSW.Win32.Pycoon.bz?

Compare a suspect file against the identifiers below. The sha256 is the exact match to use; the ssdeep and tlsh values are fuzzy hashes and will also flag slightly modified builds of the same binary.

File Info:

name: 8113548E71E4A18F517C.mlw
path: /opt/CAPEv2/storage/binaries/19510bfc1c8b40fa94a35d7a428e3f7ced8eeaac4f4cc92c98797f18c5f8ebb6
crc32: 17ED50F5
md5: 8113548e71e4a18f517c93cbb2ce49e3
sha1: ef3898aa520dd8fc9afa39ecec50dde77e51a64b
sha256: 19510bfc1c8b40fa94a35d7a428e3f7ced8eeaac4f4cc92c98797f18c5f8ebb6
sha512: a2dd75d83d976d7d82c79ad2f9f9bf7008b357cdc8702b258052388ff42cc2d223a61383644170278cdca8ec9acc91b117773b8b4893f700707bd48adfca2145
ssdeep: 98304:7ayPNv1WTWyq2uvUgI9uGoJAxUmtteHHdjYbctAZx6li4znN5v7v:77PNv1MqrlX9JEqdjYItAZx6liSB7v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15146338957CBE8C3E4D82E73D9265C621A7877B9C05C73EB9811E11C2126F72BB854E8
sha3_384: 7c936b99cce8954da45ff5b54464c0d2ad3d2101d71846116305a396414f1ebfd33f0f4b5a0df0051b1e77d144ceae28
ep_bytes: 81ec8401000053555633db57895c2418
timestamp: 2014-10-07 04:40:17
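The hashes and PE header fields above are what an analyst compares a suspicious file against. The following is an added example, not code from this page or from any vendor: it computes the same digest set with the Python standard library, reads the compile timestamp, entry-point bytes and overlay size directly from the PE32 headers (the overlay check corresponds to the "Sample contains Overlay data" signature), and reports which of the listed hashes a file matches. The `PYCOON_IOC` values are copied from the File Info section; the stub PE built by `build_stub_pe` is constructed here so the example runs offline and is not the real sample.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes copied from the File Info section for the Pycoon.bz sample.
PYCOON_IOC = {
    "md5": "8113548e71e4a18f517c93cbb2ce49e3",
    "sha1": "ef3898aa520dd8fc9afa39ecec50dde77e51a64b",
    "sha256": "19510bfc1c8b40fa94a35d7a428e3f7ced8eeaac4f4cc92c98797f18c5f8ebb6",
}

COFF_HDR = "<HHIIIHH"      # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_HDR = "<8sIIII"    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (first 24 of 40 bytes)


def digests(data: bytes) -> dict:
    """The same digest set the sandbox report lists; crc32 upper-case like the report."""
    d = {name: hashlib.new(name, data).hexdigest()
         for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    d["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return d


def pe_header_info(data: bytes) -> dict:
    """Read timestamp, entry-point bytes and overlay size straight from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]       # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = [struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i) for i in range(nsec)]

    # Map the entry-point RVA to a file offset through the section table.
    ep_off = None
    for _name, vsize, va, rawsize, rawptr in sections:
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = ep_rva - va + rawptr
            break
    if ep_off is None:
        raise ValueError("entry point lies outside every section")

    # Overlay = bytes appended after the last section's raw data; droppers often stash payloads there.
    end_of_image = max(rp + rs for _n, _v, _va, rs, rp in sections)
    return {
        "machine": "i386" if machine == 0x14C else hex(machine),
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "overlay_size": max(0, len(data) - end_of_image),
    }


def ioc_matches(data: bytes, ioc: dict = PYCOON_IOC) -> list:
    """Names of the digests under which `data` matches the known-bad sample."""
    d = digests(data)
    return [k for k, v in ioc.items() if d.get(k) == v.lower()]


# --- constructed stub PE32 (assumption: one .text section at RVA 0x1000) so the example runs offline ---
STUB_TS = int(datetime(2014, 10, 7, 4, 40, 17, tzinfo=timezone.utc).timestamp())
STUB_EP = bytes.fromhex("81ec8401000053555633db57895c2418")   # ep_bytes value from the report


def build_stub_pe(overlay: bytes = b"") -> bytes:
    opt_size = 224                                             # PE32 optional header size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> PE signature at offset 64
    coff = struct.pack(COFF_HDR, 0x14C, 1, STUB_TS, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    raw_ptr = 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_ptr,
                      0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + b"PE\0\0" + coff + opt + sec)
    image += b"\0" * (raw_ptr - len(image))
    image += STUB_EP + b"\0" * (0x200 - len(STUB_EP))
    return bytes(image + overlay)


if __name__ == "__main__":
    sample = build_stub_pe(overlay=b"OVERLAY")
    print(pe_header_info(sample))
    print(digests(sample)["sha256"], ioc_matches(sample))
```

Run it against a real file by passing `open(path, "rb").read()` to `pe_header_info` and `ioc_matches`; a non-empty list from `ioc_matches` means the file is the sample described here byte for byte.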

Version Info:

CompanyName: Piriform Ltd
FileDescription: CCleaner Professional Edition Plus
FileVersion: 5.36.6278.0
LegalCopyright: Copyright @ 2005-2017 Piriform Ltd
LegalTrademarks: CCleaner
OriginalFilename: CCleaner.exe
ProductName: CCleaner
Translation: 0x0804 0x03a8 (language ID 0x0804 is Simplified Chinese; 0x03a8 is code page 936, GBK)

These version strings mimic CCleaner 5.36, whose copyright string dates it to 2017, and exist only to look legitimate: the compile timestamp is 2014, the resource language is Simplified Chinese rather than English, and the sandbox flags the Authenticode signature as invalid. On Windows, Get-AuthenticodeSignature in PowerShell reports the same failure; a genuine Piriform build validates.

Trojan-PSW.Win32.Pycoon.bz also known as:

Bkav: W32.Common.B7EE2D05
Cylance: Unsafe
APEX: Malicious
Kaspersky: Trojan-PSW.Win32.Pycoon.bz
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-QQPass.QQRob.Pjgl
DrWeb: Trojan.PWS.Siggen2.1634
McAfee-GW-Edition: Artemis
Webroot: W32.Trojan.Gen
ZoneAlarm: Trojan-PSW.Win32.Pycoon.bz
McAfee: Artemis!8113548E71E4
Yandex: Trojan.Agent!Bh0EZvKhHqI
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan-PSW.Win32.Pycoon.bz?

Trojan-PSW.Win32.Pycoon.bz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.