
About “Win32/PSW.TestSpy.E” infection

Win32/PSW.TestSpy.E is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/PSW.TestSpy.E virus do?

  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Win32/PSW.TestSpy.E?


File Info:

name: F3AB2597D7E384157C32.mlw
path: /opt/CAPEv2/storage/binaries/516cf9289c9f1324850e1dc1c75bc004a3d3abaaabdba4a4eca47a7cf6d6d447
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2000-12-29 05:38:13

Version Info:

CompanyName: IntelCom
FileDescription: Test Spy
FileVersion: 1.00 build 3
InternalName: Spy
LegalCopyright: Copyright © 1999
OriginalFilename: TestSpy.exe
ProductName: IntelCom Spy for testing
ProductVersion: 1, 0, 0, 1
Translation: 0x0419 0x04b0

Win32/PSW.TestSpy.E is also known as:

Lionic: Trojan.Multi.Generic.4!c
MicroWorld-eScan: Gen:Trojan.Heur.FU.aq0@au984dbc
FireEye: Gen:Trojan.Heur.FU.aq0@au984dbc
McAfee: Artemis!F3AB2597D7E3
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Trojan.Heur.FU.aq0@au984dbc
K7AntiVirus: Password-Stealer ( 004b74041 )
Alibaba: TrojanPSW:Win32/TestSpy.7b5925c9
K7GW: Password-Stealer ( 004b74041 )
Cybereason: malicious.7d7e38
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.TestSpy.E
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Trojan.Heur.FU.aq0@au984dbc
NANO-Antivirus: Trojan.Win32.Systemhijack.dadfjn
Avast: Win32:Malware-gen
Emsisoft: Gen:Trojan.Heur.FU.aq0@au984dbc (B)
Zillya: Trojan.TestSpy.Win32.16
McAfee-GW-Edition: BehavesLike.Win32.Dropper.lm
Sophos: Mal/Generic-S
Ikarus: Trojan-PWS.Win32.TestSpy
GData: Gen:Trojan.Heur.FU.aq0@au984dbc
Xcitium: Malware@#2m8rbvbpay8u
Arcabit: Trojan.Heur.FU.E97DDA
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
BitDefenderTheta: AI:Packer.F7ED57761F
ALYac: Gen:Trojan.Heur.FU.aq0@au984dbc
MAX: malware (ai score=99)
VBA32: BScope.TrojanPSW.TestSpy
Cylance: unsafe
Rising: Trojan.Sisproc!8.830 (TFE:4:iZBDZsGHvAV)
Yandex: Trojan.GenAsa!cFoMuc7t/sU
Fortinet: NewHeur_PE
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Win32/PSW.TestSpy.E?

Win32/PSW.TestSpy.E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
