
About “Win32/Spy.SpyEye.B” infection


Win32/Spy.SpyEye.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.SpyEye.B virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Mimics the file times of a Windows system file
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates Zeus (Banking Trojan) mutexes
  • Creates a copy of itself

How to identify Win32/Spy.SpyEye.B?


File Info:

crc32: E5E9CDBC
md5: 560e4c9c47429afb51408f4d467fe28b
name: 560E4C9C47429AFB51408F4D467FE28B.mlw
sha1: 7f77d4fe0cd132234908ca6739c2fe87f5b00295
sha256: 2492dcb768f4b67edb103cae842df5c56670c6676bed83b1d545da55f273091b
sha512: ce6965bf4a82f873f666b4c16cd7a31eadb17a696bb6f54139f6c23e3ee9186afa62e7072d25ec8fe5d66ec5b0baf9603ffbf8ad483578b096321b2e873ea6ec
ssdeep: 3072:wJA+zGaUrDduhiI1mgvPSWedxiV7hXlluI27B/nCV/Eja1NYq/7iFJqT:YU/d2iI1AWKiV7hXj27JCVsW1XjiF
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 1990-2005
Web: tgidoyywjfhs
FileVersion: 28.79.96.9
Author: tgyqrdeatjdrnx
CompanyName: aavceeculvvgugmdxb
Comments: jeggdgifujn
FileDescription: xqmduokrn
Internal Name: dbiippgtadpudci
Translation: 0x0409 0x04b0

Win32/Spy.SpyEye.B also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.SpySweep.31
ClamAV: Win.Spyware.Zbot-1282
ALYac: Gen:Trojan.Heur.FU.nq0@aqydqzgc
Cylance: Unsafe
Zillya: Trojan.SpyEye.Win32.575
Sangfor: Spyware.Win32.SpyEye.8
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanSpy:Win32/EyeStye.561cdcad
K7GW: Spyware ( 0055e3db1 )
K7AntiVirus: Spyware ( 0055e3db1 )
Symantec: Trojan.Zbot!gen9
ESET-NOD32: Win32/Spy.SpyEye.B
APEX: Malicious
Avast: Win32:MalOb-IJ [Cryp]
Cynet: Malicious (score: 100)
Kaspersky: Packed.Win32.Krap.ae
BitDefender: Gen:Trojan.Heur.FU.nq0@aqydqzgc
NANO-Antivirus: Trojan.Win32.Zbot.bdqey
MicroWorld-eScan: Gen:Trojan.Heur.FU.nq0@aqydqzgc
Tencent: Win32.Packed.Krap.Stas
Ad-Aware: Gen:Trojan.Heur.FU.nq0@aqydqzgc
Sophos: ML/PE-A + Mal/EncPk-ACO
BitDefenderTheta: AI:Packer.448816821F
VIPRE: Packed.Win32.Zbot.gen.y.5 (v)
TrendMicro: TSPY_ZBOT.SMOF
McAfee-GW-Edition: PWS-Spyeye.d
FireEye: Generic.mg.560e4c9c47429afb
Emsisoft: Gen:Trojan.Heur.FU.nq0@aqydqzgc (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.auwn
Avira: TR/Crypt.ZPACK.Gen2
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.449445
Microsoft: Trojan:Win32/EyeStye.H
Arcabit: Trojan.Heur.FU.ED20A4C
GData: Gen:Trojan.Heur.FU.nq0@aqydqzgc
AhnLab-V3: Trojan/Win32.Zbot.R2030
McAfee: PWS-Spyeye.d
MAX: malware (ai score=99)
VBA32: BScope.Trojan.MTA.0661
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_ZBOT.SMOF
Rising: Trojan.Generic@ML.100 (RDML:E9PBh9Vpp5UXUuHDV4NbUw)
Yandex: Trojan.GenAsa!TAa1E2HDm7M
Ikarus: Worm.Win32.Ramnit
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GM!tr
AVG: Win32:MalOb-IJ [Cryp]
Paloalto: generic.ml

How to remove Win32/Spy.SpyEye.B?

Win32/Spy.SpyEye.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
