Win32/Spy.Bancos.NZR removal

The Win32/Spy.Bancos.NZR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Spy.Bancos.NZR virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid

How to determine Win32/Spy.Bancos.NZR?


File Info:
name: 67110CA6A626486647B4.mlw
path: /opt/CAPEv2/storage/binaries/04044ecb079f03779249e1af23a4fea7ba23e2b207800ede007765a870517c8c
crc32: CB8D67F4
md5: 67110ca6a626486647b41b54f4f3c006
sha1: 09d0fe6569214601ab8a905afe116b30e4231bff
sha256: 04044ecb079f03779249e1af23a4fea7ba23e2b207800ede007765a870517c8c
sha512: 3a74bf1cc96bba34ccbfc91e3f4802d178f496fc1cd32ea469c44324219f79d5ffaf5da929197d1c357b273066d456952b5aeedef91b0ae569bf298e0aa1c0b5
ssdeep: 1536:bcf4iKEFXvxKqHsbJPdq/mgqHsDKEFXvxg+:bc/Xeya2mgyuXH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CB83F8C3F24590A5FC9A45712537DE541E0AFE35B8D02D02768A7A5B8AB32C3A1F631F
sha3_384: daed31913d73a72c35a87d68d4be8952e5b6e266a2b1a3cea9ffe8a58227c66f7e365fc01250f85dfefce792af7d1d2b
ep_bytes: 6814754000e8eeffffff000000000000
timestamp: 2010-07-05 17:52:57

Version Info:
Translation: 0x0409 0x04b0
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: orcamento
OriginalFilename: orcamento.exe

Win32/Spy.Bancos.NZR also known as:

Lionic	Trojan.Win32.Swisyn.kZb9
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.fm0@sXE!Xxeif
Skyhigh	BehavesLike.Win32.Vilsel.mm
ALYac	Gen:Trojan.Heur.fm0@sXE!Xxeif
Zillya	Worm.VB.Win32.3005
Alibaba	Worm:Win32/Bancos.0970064e
Cybereason	malicious.6a6264
Arcabit	Trojan.Heur.E57EC1
BitDefenderTheta	AI:Packer.77EF19EA1D
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Bancos.NZR
APEX	Malicious
TrendMicro-HouseCall	WORM_VB.JMT
ClamAV	Win.Trojan.Agent-622035
Kaspersky	Worm.Win32.VB.fh
BitDefender	Gen:Trojan.Heur.fm0@sXE!Xxeif
NANO-Antivirus	Trojan.Win32.VB.cvpoxj
Avast	Win32:VB-PYJ [Drp]
Emsisoft	Gen:Trojan.Heur.fm0@sXE!Xxeif (B)
F-Secure	Trojan.TR/Crypt.CFI.Gen
DrWeb	Worm.Siggen.5238
VIPRE	Gen:Trojan.Heur.fm0@sXE!Xxeif
TrendMicro	WORM_VB.JMT
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.67110ca6a6264866
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Webroot	W32.Dynamer.Gen
Google	Detected
Avira	TR/Crypt.CFI.Gen
Varist	W32/VB-Document-disguised-based
Antiy-AVL	Worm/Win32.VB.fh
Kingsoft	Win32.HeurC.KVM007.a
Xcitium	Worm.Win32.VB.wdq@2nrss6
Microsoft	Trojan:Win32/Dynamer!dtc
ViRobot	Worm.Win32.A.VB.81920
ZoneAlarm	Worm.Win32.VB.fh
GData	Gen:Trojan.Heur.fm0@sXE!Xxeif
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win32.Genome.C66494
McAfee	GenericRXAA-AA!67110CA6A626
MAX	malware (ai score=99)
Rising	Malware.FakeDOC/ICON!1.9C3B (CLASSIC)
Yandex	Trojan.GenAsa!CbU/Ysreskc
Ikarus	Trojan.Win32.VB
MaxSecure	Trojan.Malware.680808.susgen
Fortinet	W32/VB.FH!worm
AVG	Win32:VB-PYJ [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Worm:Win/Bancos.NZR

How to remove Win32/Spy.Bancos.NZR?

Win32/Spy.Bancos.NZR removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X