What is “Win32/KeyLogger.eMatrixSoft.A”?

The Win32/KeyLogger.eMatrixSoft.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/KeyLogger.eMatrixSoft.A virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid

How to determine Win32/KeyLogger.eMatrixSoft.A?


File Info:
name: BDA11EFE00645759B838.mlw
path: /opt/CAPEv2/storage/binaries/6c20fdc8023c5ee52f73e68bc907d28af8e7abfdaa8b287fa54ee67cbc743cc9
crc32: 53128400
md5: bda11efe00645759b83869a5391fa5e3
sha1: 38f13b3198b9c0f1bbd6a257079aacdc33ad41ad
sha256: 6c20fdc8023c5ee52f73e68bc907d28af8e7abfdaa8b287fa54ee67cbc743cc9
sha512: 213f054fd7e284ba18d3a8d4b6168fe9425fbea826fade69ffdb4bb75fb5dfb1b111cb18f233e4ccd9146b05a90c73e294e6089409d253544ed0db43a46f4d86
ssdeep: 24576:GsxlwwEs/Fsl8/7YdRzFUW2DYjWM/ZfF04VcHG:GsxSwEs/MRjNCEG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T103459D33FF509449F69600316139D6A669607C3A98219E0BFBC2BF5E38725C3A8F571B
sha3_384: 4db93abcf60283af56be1b1d4fc3ed2107a466c3051b2081a0036acd4d8b9d3fde13a88384a5c7c940f44a033568c829
ep_bytes: 6868814200e8eeffffff000000000000
timestamp: 2009-04-30 03:16:14

Version Info:
Translation: 0x0409 0x04b0
ProductName: pssrv
FileVersion: 6.20
ProductVersion: 6.20
InternalName: pssrv
OriginalFilename: pssrv.exe

Win32/KeyLogger.eMatrixSoft.A also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Application.Emathi.1
FireEye	Gen:Variant.Application.Emathi.1
Skyhigh	BehavesLike.Win32.Infected.th
McAfee	Artemis!BDA11EFE0064
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Gen:Variant.Application.Emathi.1
Sangfor	Spyware.Win32.KeyLogger.Vmrv
Alibaba	RiskWare:Win32/eMatrixSoft.9ea7452d
Paloalto	generic.ml
Symantec	Spyware.SpyPal
ESET-NOD32	a variant of Win32/KeyLogger.eMatrixSoft.A
Avast	Win32:KeyLogger-ADH [PUP]
BitDefender	Gen:Variant.Application.Emathi.1
Tencent	Malware.Win32.Gencirc.140363fd
Sophos	Generic Reputation PUA (PUA)
F-Secure	PrivacyRisk.SPR/Keylogger.KF
Zillya	Trojan.Keylogger.Win32.38
TrendMicro	TROJ_GEN.R002C0OBL24
Emsisoft	Gen:Variant.Application.Emathi.1 (B)
Ikarus	PUA.Logger
Google	Detected
Avira	SPR/Keylogger.KF
Antiy-AVL	Trojan[KeyLogger]/Win32.eMatrixSoft
Kingsoft	Win32.Troj.Undef.a
Microsoft	MonitoringTool:Win32/PowerSpy
Xcitium	ApplicUnwnt.Win32.KeyLogger.KF0@1qtjw0
Arcabit	Trojan.Application.Emathi.1
GData	Gen:Variant.Application.Emathi.1
ALYac	Gen:Variant.Application.Emathi.1
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0OBL24
Rising	Malware.PowerSpy!8.EA3E (TFE:5:RUiMQpDwzp)
Yandex	Riskware.Agent!TWMAm0YWi48
MaxSecure	Trojan.Malware.8975432.susgen
Fortinet	Riskware/PowerSpy
AVG	Win32:KeyLogger-ADH [PUP]
DeepInstinct	MALICIOUS
alibabacloud	Keylogger:Win/EMatrixSoft.A

How to remove Win32/KeyLogger.eMatrixSoft.A?

Win32/KeyLogger.eMatrixSoft.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X