Spy Trojan

How to remove “Trojan-Spy.Win32.SpyEyes.bfuj”?

Malware Removal

Trojan-Spy.Win32.SpyEyes.bfuj is the Kaspersky detection name for the sample analysed below; most of the engines listed further down flag the same file as malicious. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What does the Trojan-Spy.Win32.SpyEyes.bfuj sample do?

The items below are the behavioural signatures raised when the sample was run in the CAPE sandbox. They describe what was observed during that run, not everything the trojan is capable of.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • Presents an Authenticode digital signature
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • The following process appears to have been packed with Themida: crypted_3.exe
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of the Wine emulator via a registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempts to access Bitcoin/altcoin wallets
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Two of these entries are worth reading together. The file carries an Authenticode signature blob that does not validate, which is a stronger indicator than no signature at all. The Themida packing also accounts for the unpacking, RWX memory and dynamic-import signatures, and since Themida ships its own anti-debug and anti-VM checks, the debugger, Wine, BIOS and VirtualBox detections may belong to the packer rather than to the payload itself.

How to identify Trojan-Spy.Win32.SpyEyes.bfuj?

File Info:

name: 2A894AC211CCB2991946.mlw
path: /opt/CAPEv2/storage/binaries/9a63b7a0ad9de496ba71368f13d862f4ed833ef79085c705be843a3b31276070
crc32: 7387984D
md5: 2a894ac211ccb29919468a91cf8b4c4b
sha1: 28c2c696bccd9aaec775d335e2e20c2501e6452d
sha256: 9a63b7a0ad9de496ba71368f13d862f4ed833ef79085c705be843a3b31276070
sha512: 4102b64fabcf76c8306c70c7231605dd726f423b627cabf5e637deb76b2bd27574da5c5ca9e40c4ad54f149d225d37a9eb2550d18fe83fa2e1a61b30d43e8057
ssdeep: 49152:PSbFhz87UaOof4baTJ+sMNpivBPVpjJG5A5cthATdelBxWY4MtU/biyjxJLBLO:PQKVODUJ+ZNpiVJG5u3IxWY4OUva
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T111E533622364C73FEC4E817609A1FF611A61F838562AAF09BF8B0D291E75EE1D711743
sha3_384: 8489606d418409e41c99b68d851ed934c2ed3689519756551127509ecaffaf4a97dbd5a9971a3127426c861ac92b73f2
ep_bytes: e887660000e978feffff558bec83ec04
timestamp: 2016-02-03 19:38:31

Version Info:

Comments: This base of installation was built by Inno setup.
CompanyName: tab page. Create WebstrealApp
FileDescription: tab page. Create WebstrealApp v1.3
LegalCopyright: tab page. Create Copyright © 2018
ProductName: tab page. Create WebstrealApp v1.3
ProductVersion: 66.3.1.0
FileVersion: 66.3.1.0
OriginalFileName: C0nf1gl0ader.exe
Translation: 0x0409 0x04b0

These version strings are written by whoever built the binary and should not be trusted for attribution; their inconsistency is itself a triage signal. The comment claims an Inno Setup installer while the sandbox identified Themida packing, the copyright year (2018) postdates the PE compile timestamp (2016-02-03), and the original file name C0nf1gl0ader.exe uses leetspeak substitution.
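As an added example, not code from this page or from any vendor named on it, the following Python script turns the File Info above into an offline triage check: it compares a file's MD5, SHA-1 and SHA-256 against the published hashes, reads the COFF compile timestamp so it can be checked against the version-info copyright year, and walks the PE section table to extract the first 16 bytes at the entry point for comparison with the reported ep_bytes. The hash values and ep_bytes are copied from the report; build_minimal_pe() is an assumed helper that produces a constructed, non-executable PE32 skeleton for self-testing, and the command-line path handling is likewise an assumption.

```python
"""Offline hash and entry-point triage against the indicators listed above.

Added example, not part of the original page or of any vendor's tooling.
KNOWN_HASHES and KNOWN_EP_BYTES are copied from the report's File Info
section. build_minimal_pe() is a constructed, non-executable PE32 layout
used only for self-testing; a real sample is scanned by passing its path
on the command line (assumption).
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone
from typing import Optional

KNOWN_HASHES = {
    "md5": "2a894ac211ccb29919468a91cf8b4c4b",
    "sha1": "28c2c696bccd9aaec775d335e2e20c2501e6452d",
    "sha256": "9a63b7a0ad9de496ba71368f13d862f4ed833ef79085c705be843a3b31276070",
}
# First 16 bytes at the entry point, as reported by the sandbox (ep_bytes).
KNOWN_EP_BYTES = bytes.fromhex("e887660000e978feffff558bec83ec04")


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def matching_hashes(data: bytes) -> list:
    """Algorithms whose digest of `data` equals the published indicator."""
    digests = file_hashes(data)
    return sorted(alg for alg, known in KNOWN_HASHES.items() if digests[alg] == known)


def _pe_header_offset(data: bytes) -> Optional[int]:
    """Offset of the 'PE\\0\\0' signature, or None if `data` is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # IMAGE_DOS_HEADER.e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    return pe_off


def compile_timestamp(data: bytes) -> Optional[datetime]:
    """COFF TimeDateStamp as a UTC datetime (forgeable, but cheap to compare)."""
    pe_off = _pe_header_offset(data)
    if pe_off is None:
        return None
    ts = struct.unpack_from("<I", data, pe_off + 8)[0]  # 4-byte signature + Machine + NumberOfSections
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def entry_point_bytes(data: bytes, n: int = 16) -> Optional[bytes]:
    """First n file bytes at AddressOfEntryPoint, mapped through the section table."""
    pe_off = _pe_header_offset(data)
    if pe_off is None:
        return None
    try:
        n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
        opt = pe_off + 24                       # optional header follows the 20-byte COFF header
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
        for i in range(n_sections):
            sect = opt + opt_size + 40 * i      # IMAGE_SECTION_HEADER is 40 bytes
            va, raw_size, raw_ptr = struct.unpack_from("<III", data, sect + 12)
            if va <= ep_rva < va + raw_size:    # RVA -> raw file offset
                off = raw_ptr + (ep_rva - va)
                return data[off:off + n]
    except struct.error:
        pass                                     # truncated or malformed headers
    return None


def triage(data: bytes) -> dict:
    """Summarise how strongly `data` matches the indicators on this page."""
    return {
        "hash_match": matching_hashes(data),
        "ep_match": entry_point_bytes(data) == KNOWN_EP_BYTES,
        "compiled": compile_timestamp(data),
    }


def build_minimal_pe(ep_bytes: bytes, timestamp: int = 0) -> bytes:
    """Constructed PE32 skeleton (one section, nothing that runs) for self-tests."""
    pe_off, opt_size, raw_ptr, text_rva = 0x40, 0xE0, 0x200, 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", text_rva)  # magic, ..., AddressOfEntryPoint
    opt += b"\0" * (opt_size - len(opt))
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", len(ep_bytes), text_rva, len(ep_bytes), raw_ptr)
    sect += b"\0" * (40 - len(sect))
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(raw_ptr, b"\0") + ep_bytes


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Run it as `python triage.py suspect.exe`; a hash match is conclusive for this exact file, while an entry-point match alone only says the file starts the same way, which is expected for anything protected with the same packer build. Comparing the ssdeep or TLSH values from the report needs a third-party fuzzy-hash library and is left out here.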

Trojan-Spy.Win32.SpyEyes.bfuj also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.46258556
FireEye: Trojan.GenericKD.46258556
McAfee: Artemis!2A894AC211CC
Cylance: Unsafe
Sangfor: Trojan.Win32.Themida.HZB
BitDefender: Trojan.GenericKD.46258556
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/Packed.Themida.HZB
Paloalto: generic.ml
ClamAV: Win.Dropper.Tiggre-6681716-0
Kaspersky: Trojan-Spy.Win32.SpyEyes.bfuj
Alibaba: TrojanSpy:Win32/SpyEyes.942041e8
NANO-Antivirus: Trojan.Win32.SpyEyes.faqftb
Rising: Trojan.Generic@AI.100 (RDML:jy8LWN+LWz2t+aiMLPsixg)
Ad-Aware: Trojan.GenericKD.46258556
Sophos: Mal/Generic-S
Comodo: Malware@#p7xruxqhu0ke
VIPRE: Trojan.GenericKD.46258556
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.GenericKD.46258556 (B)
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1201374
MAX: malware (ai score=96)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Trojan.GenericKD.46258556
Cynet: Malicious (score: 99)
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34742.8z0aaGvF8lmi
ALYac: Trojan.GenericKD.46258556
Malwarebytes: Malware.AI.2409542654
Zoner: Probably Heur.ExeHeaderL
Tencent: Win32.Trojan.Falsesign.Hssv
Yandex: Riskware.Themida!6yenaLqaNFU
Ikarus: Trojan-PSW.CoinStealer
MaxSecure: Trojan.Malware.12321311.susgen
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Spy.Win32.SpyEyes.bfuj?

Trojan-Spy.Win32.SpyEyes.bfuj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
