Trojan:Win32/Phonzy.A!ml removal instruction

The Trojan:Win32/Phonzy.A!ml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Phonzy.A!ml virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family

How to determine Trojan:Win32/Phonzy.A!ml?


File Info:
name: 299BA99658CAFAC4BEB5.mlw
path: /opt/CAPEv2/storage/binaries/a33126d4839283ba2b2112cfa3d8a8d0b8f44a53d951c70d5359b002c15add92
crc32: F8386426
md5: 299ba99658cafac4beb5da42a59bbae3
sha1: ea5dedb1157d5aa9aaf4f80f26018a8f91c1a37e
sha256: a33126d4839283ba2b2112cfa3d8a8d0b8f44a53d951c70d5359b002c15add92
sha512: 67934feecc462cd78101adc0b3c9b1b5d2e7e4ed2808d339effa9f9167605c395f7c52cb426008e17217715a83aa47a2da67f2d52682a5ae275b28919d89478f
ssdeep: 196608:/QmtWMTGcyW0aUCB1BfsT0IV++6gXzhJLMkh3IL2LH:/N3f6V+g9JbBIGH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E166F111D241842AF5E301B6847D5B6AB528BA31131160C7F3CC6D6F67FAAE27E32B53
sha3_384: 9d259a19d0c89fa14b7ed3c0efcb9cc8d71748ae7dd54c9fed526eab058398dacef8f65f91108da75c077a6704f5f93a
ep_bytes: e82ede0000e9000000006a146898a168
timestamp: 2024-01-19 08:03:58

Version Info:
Comments: https://warzsiam.in.th/
CompanyName: Codex Development Group
FileDescription: WarZSiam Launcher
FileVersion: 1.0.0.0
InternalName: WarZSiam Launcher.exe
LegalCopyright: (c) Codex Development Group.  All rights reserved.
OriginalFilename: WarZSiam Launcher.exe
ProductName: WarZSiam Launcher
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Trojan:Win32/Phonzy.A!ml also known as:

Bkav	W32.Common.F02568D4
Lionic	Trojan.Win32.Generic.4!c
DrWeb	Trojan.DownLoad4.15026
MicroWorld-eScan	Trojan.GenericKD.71274552
FireEye	Trojan.GenericKD.71274552
Skyhigh	BehavesLike.Win32.Dropper.vc
McAfee	Artemis!299BA99658CA
Malwarebytes	Trojan.Agent
Sangfor	Trojan.Win32.Agent.Vpet
K7AntiVirus	Trojan ( 0059eb571 )
Alibaba	Trojan:Win32/Injector.b2d38e41
K7GW	Trojan ( 0059eb571 )
Arcabit	Trojan.Generic.D43F9038
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Agent.ST
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.71274552
NANO-Antivirus	Trojan.Win32.DownLoad4.khjegk
Avast	Win32:MalwareX-gen [Trj]
Tencent	Malware.Win32.Gencirc.11bb75a0
Emsisoft	Trojan.GenericKD.71274552 (B)
F-Secure	Trojan.TR/Agent.yibrn
VIPRE	Trojan.GenericKD.71274552
Sophos	Mal/Generic-S
Google	Detected
Avira	TR/Agent.yibrn
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Phonzy.A!ml
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.GenericKD.71274552
Varist	W32/ABTrojan.IQER-3350
AhnLab-V3	Trojan/Win.Generic.C5576760
VBA32	BScope.Trojan.Inject
ALYac	Trojan.GenericKD.71274552
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0DAJ24
Rising	Trojan.Generic@AI.91 (RDML:ECjHAg++Y30W6+0vS59vAQ)
Ikarus	Trojan.Injector
Fortinet	W64/Agent.ST!tr
AVG	Win32:MalwareX-gen [Trj]

How to remove Trojan:Win32/Phonzy.A!ml?

Trojan:Win32/Phonzy.A!ml removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X