How to remove “Trojan.Win32.Hesv.fwuc”?

The Trojan.Win32.Hesv.fwuc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Hesv.fwuc virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Trojan.Win32.Hesv.fwuc?


File Info:
name: 01CB191109A3DB8D750A.mlw
path: /opt/CAPEv2/storage/binaries/e8c00c03b2c734fe870ca1a60fc57a8a0496c2377a1058ecf99abce44bf5e0d0
crc32: 0040DE55
md5: 01cb191109a3db8d750a2c080b6f8958
sha1: cc39ba428b18cbcf63ba7878e13db8cdcdf657b0
sha256: e8c00c03b2c734fe870ca1a60fc57a8a0496c2377a1058ecf99abce44bf5e0d0
sha512: b77e028394a6d5254c2ff5698930d8576ece88b9e40d6b40bb8e59b752c1ae65d467a7cc9374220f669cea0dd8a35943a16ff023d52e03e4f283d42bab312ea6
ssdeep: 384:nG+ZnrD0HqS06WtZt1cXhqBbFc9aNJawcudoD7UV3e/+Me/Je/tfF1Y/2p:n7rwHIHbFtnbcuyD7UVOQI5no
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4130725F7676199F748C5BB85A6C21A10607F389AB395ABFA8D3EBF3D312401835343
sha3_384: 60e12759573288fd220f576a5369ab3ab9606f2b4d7617ce66ebf07145267a131f8b1f02f1526678c5b425f9042bd88d
ep_bytes: 60be004042008dbe00d0fdff5789e58d
timestamp: 2006-11-27 09:24:01

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Oncom
ProductName: xk
FileVersion: 0.00.0020
ProductVersion: 0.00.0020
InternalName: DATA
OriginalFilename: DATA.exe

Trojan.Win32.Hesv.fwuc also known as:

tehtris	Generic.Malware
MicroWorld-eScan	Gen:Trojan.Heur.cm0@!VHMQ2ji
FireEye	Generic.mg.01cb191109a3db8d
ALYac	Gen:Trojan.Heur.cm0@!VHMQ2ji
Cylance	Unsafe
Zillya	Trojan.Hesv.Win32.11474
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005726d21 )
K7GW	Trojan ( 005726d21 )
Cybereason	malicious.109a3d
BitDefenderTheta	AI:Packer.507756501C
Cyren	W32/Ludbaruma.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
Kaspersky	Trojan.Win32.Hesv.fwuc
BitDefender	Gen:Trojan.Heur.cm0@!VHMQ2ji
Cynet	Malicious (score: 100)
Avast	Win32:Evo-gen [Trj]
Ad-Aware	Gen:Trojan.Heur.cm0@!VHMQ2ji
Emsisoft	Gen:Trojan.Heur.cm0@!VHMQ2ji (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Trojan.TR/Crypt.ULPM.Gen
VIPRE	Gen:Trojan.Heur.cm0@!VHMQ2ji
McAfee-GW-Edition	BehavesLike.Win32.Rontokbro.pz
SentinelOne	Static AI – Suspicious PE
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
APEX	Malicious
GData	Gen:Trojan.Heur.cm0@!VHMQ2ji
Jiangmin	Trojan.Hesv.ftc
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.ULPM.Gen
Arcabit	Trojan.Heur.EDD10FA
ZoneAlarm	Trojan.Win32.Hesv.fwuc
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Backdoor/Win32.IRCBot.R1456
McAfee	GenericRXAA-AA!01CB191109A3
MAX	malware (ai score=82)
Malwarebytes	Malware.AI.1815234599
Rising	Worm.VBInjectEx!1.99E6 (CLASSIC)
Ikarus	Trojan.Win32.Patched
MaxSecure	Trojan.Malware.186867054.susgen
Fortinet	W32/Nilage.5B64!tr
AVG	Win32:Evo-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Hesv.fwuc?

Trojan.Win32.Hesv.fwuc removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X