What is “Trojan.SpyEyes.CO (B)”?

The Trojan.SpyEyes.CO (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.SpyEyes.CO (B) virus can do?

• Behavioural detection: Executable code extraction – unpacking
• At least one process apparently crashed during execution
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• NtSetInformationThread: attempt to hide thread from debugger
• Creates RWX memory
• Anomalous file deletion behavior detected (10+)
• Dynamic (imported) function loading detected
• Expresses interest in specific running processes
• Reads data out of its own binary image
• A process created a hidden window
• CAPE extracted potentially suspicious content
• Drops a binary and executes it
• Unconventionial language used in binary resources: Russian
• The binary contains an unknown PE section name indicative of packing
• Authenticode signature is invalid
• Detects Sandboxie through the presence of a library
• Attempts to modify desktop wallpaper
• Checks for the presence of known windows from debuggers and forensic tools
• Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
• The following process appear to have been packed with Themida: winhost.exe
• Checks for the presence of known devices from debuggers and forensic tools
• Detects the presence of Wine emulator via registry key
• Checks the version of Bios, possibly for anti-virtualization
• Detects VirtualBox through the presence of a registry key
• Anomalous binary characteristics

How to determine Trojan.SpyEyes.CO (B)?

File Info:
name: 2FB1A06AED3F26B56F44.mlw
path: /opt/CAPEv2/storage/binaries/d458dc12ed7ee58c1f0b80ba698b2c34bc14e517977de6a88bccb57ee861dc17
crc32: B1C778C3
md5: 2fb1a06aed3f26b56f441afa6d8af1b6
sha1: 838aa864cc150835e99754ba6856db65ace4ba6d
sha256: d458dc12ed7ee58c1f0b80ba698b2c34bc14e517977de6a88bccb57ee861dc17
sha512: c2872ac22e4a8a14eae17835e83500bd8066d0055f49da674bce463f509b986c20388568848be7422c7b527fea1ca80c9811862068699448f4160247b64701a9
ssdeep: 98304:pAI+qolKSkHhrLroyOFFBwzYN57bPw0H5PcUnGzHa23hRAd3QCSc:itqoltn7FBp5vPw0HtNCz0P3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE563329A4C1C27EE19688354807E6FFF53ADB405D6858CFF9EE1F4E64223421A7825F
sha3_384: 8a20b72536faf6e9c81f3db47ccada1eedbb96f1bee3b1594f5fb0b3747c404166b8ae8c39a3e5c25f2dd431b3c30515
ep_bytes: 558bec83c4f0b888534200e824f2fdff
timestamp: 1992-06-19 22:22:17

Version Info:
Comments: 
CompanyName: Pooifo                                                      
FileDescription: pooifo 1.00 Installation                                    
FileVersion: 1.00                
LegalCopyright: Pooifo                                                                                              
Translation: 0x0409 0x04e4

Trojan.SpyEyes.CO (B) also known as:

How to remove Trojan.SpyEyes.CO (B)?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.