How to remove “VHO:Trojan-PSW.Win32.Raccoon”?

VHO:Trojan-PSW.Win32.Raccoon is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the VHO:Trojan-PSW.Win32.Raccoon virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify VHO:Trojan-PSW.Win32.Raccoon?


File Info:

name: 77CD9DCE4CDC63A5EDC7.mlw
path: /opt/CAPEv2/storage/binaries/30774e95519a2aa5bf952b374614ac6b71063f3d39137e4517afc0b4413b2d29
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-08-29 16:31:24

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Device driver software installation
FileVersion: 5.2.3668.0
InternalName: NDAdmin.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: NDAdmin.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.2.3668.0
Translation: 0x0409 0x04b0

VHO:Trojan-PSW.Win32.Raccoon is also known as:

MicroWorld-eScan: Gen:Variant.Lazy.238286
FireEye: Gen:Variant.Lazy.238286
ALYac: Gen:Variant.Lazy.238286
Cylance: Unsafe
ESET-NOD32: a variant of Win32/GenKryptik.FZCA
Kaspersky: VHO:Trojan-PSW.Win32.Raccoon.gen
BitDefender: Gen:Variant.Lazy.238286
Avast: CrypterX-gen [Trj]
Ad-Aware: Gen:Variant.Lazy.238286
Emsisoft: Gen:Variant.Lazy.238286 (B)
VIPRE: Gen:Variant.Lazy.238286
McAfee-GW-Edition: Artemis!Trojan
GData: Gen:Variant.Lazy.238286
Arcabit: Trojan.Lazy.D3A2CE
ZoneAlarm: VHO:Trojan-PSW.Win32.Raccoon.gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
McAfee: Artemis!77CD9DCE4CDC
MAX: malware (ai score=81)
VBA32: BScope.TrojanSpy.Bobik
Rising: Backdoor.Mokes!8.619 (TFE:dGZlOgWDwygrYBw0Eg)
AVG: CrypterX-gen [Trj]

How to remove VHO:Trojan-PSW.Win32.Raccoon?

VHO:Trojan-PSW.Win32.Raccoon removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
