Win32/Spy.Bancos.NJE removal tips

The Win32/Spy.Bancos.NJE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Spy.Bancos.NJE virus can do?

Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Spy.Bancos.NJE?


File Info:
name: 022637DF088D55D85EB0.mlw
path: /opt/CAPEv2/storage/binaries/5121400a96495de999424a27bd5ba37c79f5b961de3eb9fcced49209cff0bf86
crc32: D4064141
md5: 022637df088d55d85eb02662f05ffd96
sha1: 34510d99beb3b922552dca0682f912cf4469fe40
sha256: 5121400a96495de999424a27bd5ba37c79f5b961de3eb9fcced49209cff0bf86
sha512: 9223d4d65b504714dcb26a788d22d8895aff86b4be6141e41f89f2afaa1be79df02d7655e3777ea9ae0b99b370e5ec97b1a2d4348b3592611fffee4e4bd16186
ssdeep: 12288:OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO1:
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BCD531A8D116E00CC9E65E7C6C8E3961AC3C8E6C715E863E2D313E627879FF14D95E12
sha3_384: 9f774841f77db0c9e1ccfbb0cb68868b441f4ad1b46dbbc30cfc590c872dbd869b00d6448e0a640778986dbb65640ea6
ep_bytes: 68107b4000e8eeffffff000000000000
timestamp: 2007-01-30 07:01:02

Version Info:
Translation: 0x0409 0x04b0
CompanyName: aa
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: at45fff
OriginalFilename: at45fff.exe

Win32/Spy.Bancos.NJE also known as:

Lionic	Trojan.Win32.Banload.lFtU
MicroWorld-eScan	Gen:Trojan.Heur.Rw0@sb6z2Void
FireEye	Generic.mg.022637df088d55d8
ALYac	Gen:Trojan.Heur.Rw0@sb6z2Void
Malwarebytes	Generic.Spyware.Stealer.DDS
Zillya	Trojan.Bancos.Win32.26393
Sangfor	Suspicious.Win32.Save.vb
Alibaba	TrojanSpy:Win32/Bancos.c5ee2fc8
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	AI:Packer.8932B5E21D
Cyren	W32/Trojan-Gypikon-based.DM2!Ma
Symantec	Infostealer
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Spy.Bancos.NJE
APEX	Malicious
Paloalto	generic.ml
BitDefender	Gen:Trojan.Heur.Rw0@sb6z2Void
NANO-Antivirus	Trojan.Win32.Bancos.fpgpln
Tencent	Win32.Trojan.Agen.Rwhl
Emsisoft	Gen:Trojan.Heur.Rw0@sb6z2Void (B)
VIPRE	Gen:Trojan.Heur.Rw0@sb6z2Void
McAfee-GW-Edition	PWS-Banker.gen.l
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
GData	Gen:Trojan.Heur.Rw0@sb6z2Void
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Spy]/Win32.Bancos
Arcabit	Trojan.Heur.E3C760
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win32.Bancos.R130953
McAfee	PWS-Banker.gen.l
DeepInstinct	MALICIOUS
VBA32	Trojan.VBRA.05698
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Malware.Undefined!8.C (TFE:5:GBgExpEW9rI)
Yandex	Trojan.GenAsa!ki273u3djJk
Ikarus	Trojan-Downloader.Win32.Banload
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:Trojan-gen
Cybereason	malicious.f088d5
Avast	Win32:Trojan-gen

How to remove Win32/Spy.Bancos.NJE?

Win32/Spy.Bancos.NJE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X