Trojan.Script.PWRS removal instruction

The Trojan.Script.PWRS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Script.PWRS virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan.Script.PWRS?


File Info:
name: EF36296C35CAD12DD277.mlw
path: /opt/CAPEv2/storage/binaries/4d2a7bc887914aa382c7c989a814ea137f061c8b5aa2a5c3822613b8857bc00c
crc32: 435EA8DE
md5: ef36296c35cad12dd277fafdbd791917
sha1: 5bc65a0d2a9cb4710707db578a5682166b2ffa48
sha256: 4d2a7bc887914aa382c7c989a814ea137f061c8b5aa2a5c3822613b8857bc00c
sha512: 8f32420fc7e7dd453d25fd86aa40ff83dacb334267e2b752f661cbb4c216f8d281f824399511b15d252643f1f6b8c9b4c473238e8419347c89469389aa108e18
ssdeep: 24576:SFGpY1YzlMLvfarU5XCg3aQAEofVwmH2pJnKl3juQ55313d:SF7BSNbW/Kl3F
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1DAA5F903AA8B0E75DDD237B461CB533AA734FE30CA2A9B7FB609C53559532C46C1A742
sha3_384: a5248885abe84d68221ef09323eb44e461e08d0fc127e5bfdbcb5310042e1217b161019d6f3aee9b2b91e2963b8233d5
ep_bytes: 83ec0cc705b8434e0000000000e8deae
timestamp: 2022-04-26 06:15:21

Version Info:
0: [No Data]

Trojan.Script.PWRS also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.86998
FireEye	Trojan.GenericKDZ.86998
McAfee	GenericRXSS-GF!EF36296C35CA
Cylance	Unsafe
K7AntiVirus	Trojan ( 0058270d1 )
K7GW	Trojan ( 0058270d1 )
Symantec	ML.Attribute.HighConfidence
ClamAV	Win.Malware.Generickdz-9888427-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKDZ.86998
Avast	Win32:CrypterX-gen [Trj]
Tencent	Trojan.Win32.Zapchast.xa
Ad-Aware	Trojan.GenericKDZ.86998
Emsisoft	Trojan.GenericKDZ.86998 (B)
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
GData	Win32.Trojan.PSE.W32D6U
MAX	malware (ai score=80)
Arcabit	Trojan.Generic.D153D6
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Muldrop.R488400
Acronis	suspicious
ALYac	Trojan.GenericKDZ.86998
Malwarebytes	Trojan.Script.PWRS
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.FJWN!tr
AVG	Win32:CrypterX-gen [Trj]

How to remove Trojan.Script.PWRS?

Trojan.Script.PWRS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X