How to remove “Win32/Spy.Casbaneiro.DK”?

The Win32/Spy.Casbaneiro.DK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Spy.Casbaneiro.DK virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/Spy.Casbaneiro.DK?


File Info:
name: 171BFE5B262DDAC34C33.mlw
path: /opt/CAPEv2/storage/binaries/2287543de088a911db7debe3901f7f15bf03df0310de7d6a9a7b2385d3e6ce2a
crc32: 49BE015A
md5: 171bfe5b262ddac34c330e7f6f04c94b
sha1: ab70d80245422f468b92ea5f7c40cb0bbb993c2d
sha256: 2287543de088a911db7debe3901f7f15bf03df0310de7d6a9a7b2385d3e6ce2a
sha512: 0cf9f75d2b22150db2203086dd47293306177047f62324a0a04626832b9096bde7b4af0b2089d5cb3e60395d25e6807671a10df3d6358d92c652638ff5b80a90
ssdeep: 49152:T2Yfto9a4NfG9KEXBRwSBNjFkHtMUt3wJ//MVUvEgTpTjIJ97qyOOCyOOmb:T2faV9K4yt32/MVUvE4OGyOOCyOOmb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106F53A327240383AC16A0E3658737654583E7BA165CA8D1B7EB39B5C8F35181F92AF4F
sha3_384: 475094d181fd5a51d08e2e5c1dee1c98ff2d17ac24939cdb6e4efcf359e246dd95cd6cabff36328e27567e7c12223960
ep_bytes: 558bec83c4f0b8182c6600e8fc04daff
timestamp: 2022-01-23 19:23:29

Version Info:
CompanyName:  ywxjbeuia
FileDescription: keeg yih
FileVersion: 2.3.7.6
InternalName: f kxamq
ProductName: zezsqbyi cpjbalb
ProductVersion: 2.3.7.6
Comments: b mrhtb kgsvryhxczwxtmrgkq
Translation: 0x0409 0x04e4

Win32/Spy.Casbaneiro.DK also known as:

Bkav	W32.Common.6702CFC2
Lionic	Trojan.Win32.Casbaneiro.b!c
MicroWorld-eScan	Trojan.GenericKD.71666529
FireEye	Trojan.GenericKD.71666529
Skyhigh	BehavesLike.Win32.Dropper.wh
McAfee	Artemis!171BFE5B262D
Cylance	unsafe
Zillya	Trojan.Casbaneiro.Win32.742
Sangfor	Spyware.Win32.Casbaneiro.V5zr
CrowdStrike	win/malicious_confidence_60% (W)
K7GW	Spyware ( 0058de7f1 )
K7AntiVirus	Spyware ( 0058de7f1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Casbaneiro.DK
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan-Dropper.Win32.Delf
BitDefender	Trojan.GenericKD.71666529
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.13fffda7
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Spy.Casbaneiro.ejnsc
VIPRE	Trojan.GenericKD.71666529
TrendMicro	TROJ_GEN.R002C0WB524
Emsisoft	Trojan.GenericKD.71666529 (B)
Ikarus	Trojan-Spy.Win32.Casbaneiro
GData	Trojan.GenericKD.71666529
Varist	W32/ABSpyware.TDHX-8534
Avira	TR/Spy.Casbaneiro.ejnsc
Antiy-AVL	Trojan[Spy]/Win32.Casbaneiro
Kingsoft	Win32.Troj.Undef.a
Arcabit	Trojan.Generic.D4458B61
ZoneAlarm	UDS:Trojan-Dropper.Win32.Delf
Microsoft	Trojan:Win32/Mamson.A!ac
Google	Detected
ALYac	Trojan.GenericKD.71666529
MAX	malware (ai score=87)
Malwarebytes	Neshta.Virus.FileInfector.DDS
Panda	Trj/Agent.ALS
TrendMicro-HouseCall	TROJ_GEN.R002C0WB524
Rising	Trojan.Generic@AI.100 (RDML:bCunKTW8j/KhBtpV9gmnaQ)
MaxSecure	Trojan.Malware.184561318.susgen
Fortinet	W32/Casbaneiro.DK!tr.spy
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS

How to remove Win32/Spy.Casbaneiro.DK?

Win32/Spy.Casbaneiro.DK removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X