About “Win32/PSW.TestSpy.E” infection

The Win32/PSW.TestSpy.E is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/PSW.TestSpy.E virus can do?

Drops a binary and executes it
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Creates a copy of itself

How to determine Win32/PSW.TestSpy.E?


File Info:
name: F3AB2597D7E384157C32.mlw
path: /opt/CAPEv2/storage/binaries/516cf9289c9f1324850e1dc1c75bc004a3d3abaaabdba4a4eca47a7cf6d6d447
crc32: 749728AE
md5: f3ab2597d7e384157c32ac2fa39bab26
sha1: c45d362715846c07be36920ec4e21d36c58236eb
sha256: 516cf9289c9f1324850e1dc1c75bc004a3d3abaaabdba4a4eca47a7cf6d6d447
sha512: c9430ceec5e8650205f854ea5c3fd21af9207d386820751cc1f3512fd3bb3d75f7ae949d4a212283ec7fcae8d756952478b8cf1f264bdd3d293ae1dbe4fad5b5
ssdeep: 192:hbiAulIBVvBdb1y4pvKmYpkGGnkd82q/7TI0L0QuxHqHSMTTqBPcj2N:LgIBVvBdg4painSgL0QuxHqH7TTqBP1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10562091EF6A05B63D7B6DA7038783529DFF29B71B43BD06ECB420E44A474550E02C711
sha3_384: 63130617841bae2c3675df0531a460c34872babe6e3ce3b4a07e1fcd5baa4ce328264d1904c68c67f1906c2ce9203b55
ep_bytes: 558bec81ecac080000535633db578d8d
timestamp: 2000-12-29 05:38:13

Version Info:
CompanyName: IntelCom
FileDescription: Test Spy
FileVersion: 1.00 build 3
InternalName: Spy
LegalCopyright: Copyright © 1999
OriginalFilename: TestSpy.exe
ProductName: IntelCom Spy for testing
ProductVersion: 1, 0, 0, 1
Translation: 0x0419 0x04b0

Win32/PSW.TestSpy.E also known as:

Lionic	Trojan.Multi.Generic.4!c
MicroWorld-eScan	Gen:Trojan.Heur.FU.aq0@au984dbc
FireEye	Gen:Trojan.Heur.FU.aq0@au984dbc
McAfee	Artemis!F3AB2597D7E3
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Gen:Trojan.Heur.FU.aq0@au984dbc
K7AntiVirus	Password-Stealer ( 004b74041 )
Alibaba	TrojanPSW:Win32/TestSpy.7b5925c9
K7GW	Password-Stealer ( 004b74041 )
Cybereason	malicious.7d7e38
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/PSW.TestSpy.E
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Trojan.Heur.FU.aq0@au984dbc
NANO-Antivirus	Trojan.Win32.Systemhijack.dadfjn
Avast	Win32:Malware-gen
Emsisoft	Gen:Trojan.Heur.FU.aq0@au984dbc (B)
Zillya	Trojan.TestSpy.Win32.16
McAfee-GW-Edition	BehavesLike.Win32.Dropper.lm
Sophos	Mal/Generic-S
Ikarus	Trojan-PWS.Win32.TestSpy
GData	Gen:Trojan.Heur.FU.aq0@au984dbc
Xcitium	Malware@#2m8rbvbpay8u
Arcabit	Trojan.Heur.FU.E97DDA
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Wacatac.B!ml
BitDefenderTheta	AI:Packer.F7ED57761F
ALYac	Gen:Trojan.Heur.FU.aq0@au984dbc
MAX	malware (ai score=99)
VBA32	BScope.TrojanPSW.TestSpy
Cylance	unsafe
Rising	Trojan.Sisproc!8.830 (TFE:4:iZBDZsGHvAV)
Yandex	Trojan.GenAsa!cFoMuc7t/sU
Fortinet	NewHeur_PE
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Win32/PSW.TestSpy.E?

Win32/PSW.TestSpy.E removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X