Win32/PSW.Legendmir.NHB removal instruction

The Win32/PSW.Legendmir.NHB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/PSW.Legendmir.NHB virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Anomalous binary characteristics

How to determine Win32/PSW.Legendmir.NHB?


File Info:
crc32: 1E026475
md5: 41585b26bedef25293adb0b5858a41f3
name: jsy.dat
sha1: 9193b7761b3c292a033d4cc5b5733537a7e0eddd
sha256: 479d02a43572bd269b473d80ee6ec57f9ca1a863d2fe20eed7ebbd81b9c34164
sha512: 28726745e2ef5aabe5ed336b1f860290a6f62cf0b8bbd40cf25746baafa4a990a8e5b4f33ccbaf0a8f56bb2c2f03fd99335f82361b250cd2ad291e0d78fe4cce
ssdeep: 3072:+M5OAQmIM5QTETX/8mEXJhBgYC5PNNYRrKFYXHkj5olvXK/62H9o1:+M5LeTW0f7BgYsgKYe5ol/K/XH9U
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2003-2004
InternalName: 
FileVersion: 7, 7, 5, 0
CompanyName: 
ProductName: x53cax65f6x96e8PKx7248
ProductVersion: 7, 7, 5, 0
FileDescription: x53cax65f6x96e8PKx7248(http://www.mir666.com)
OriginalFilename: JSY.EXE
Translation: 0x0804 0x04b0

Win32/PSW.Legendmir.NHB also known as:

DrWeb	Trojan.StartPage.21556
FireEye	Generic.mg.41585b26bedef252
CAT-QuickHeal	Trojan.IGENERIC
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Generic.4!c
Sangfor	Malware
K7AntiVirus	Password-Stealer ( 0055e3dc1 )
K7GW	Password-Stealer ( 0055e3dc1 )
Cybereason	malicious.61b3c2
F-Prot	W32/Backdoor2.HTRC
TotalDefense	Win32/Lemir.AAF
APEX	Malicious
ClamAV	Win.Trojan.Agent-512422
Alibaba	TrojanPSW:Win32/Legendmir.452f6aad
NANO-Antivirus	Trojan.Win32.Legendmir.ibir
ViRobot	Trojan.Win32.PSWLmir.171520
Comodo	Malware@#19gjdy8vj44fr
Zillya	Trojan.Legendmir.Win32.346
McAfee-GW-Edition	Generic.emy
Trapmine	malicious.moderate.ml.score
Ikarus	Trojan-PWS.Win32.Lmir.aqr
Cyren	W32/Backdoor.PLBS-9330
Webroot	W32.Malware.Gen
MAX	malware (ai score=99)
Antiy-AVL	Trojan[GameThief]/Win32.Lmir
Microsoft	Trojan:Win32/Bumat!rfn
AhnLab-V3	Unwanted/Win32.HackTool.R86801
McAfee	Generic.emy
Panda	Trj/Lineage.HZT
ESET-NOD32	a variant of Win32/PSW.Legendmir.NHB
Yandex	Trojan.PWS.Prast!c7vI4hAtRco
eGambit	Unsafe.AI_Score_99%
Fortinet	Malware_fam.gw
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_60% (W)
MaxSecure	Trojan.Malware.2588.susgen

How to remove Win32/PSW.Legendmir.NHB?

Win32/PSW.Legendmir.NHB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X