About "Win32/Spy.Swisyn.GY" infection

The Win32/Spy.Swisyn.GY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Spy.Swisyn.GY virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Creates RWX memory
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Spy.Swisyn.GY?


File Info:
crc32: 3C051F26
md5: 0de340ed01659ac9fca44d7726c8e7ec
name: 0DE340ED01659AC9FCA44D7726C8E7EC.mlw
sha1: 678b4e05af92257685f12461d1e75b61fd7d9e9e
sha256: 86df23978fe16a0d8c11737b9b902188f08ca94e9204dbd0283bf09f8a672de6
sha512: 40f246430d2a88b4f68ccbdd58c62d077203def9e25cb5a2bfbf7697772dc012316a5e00b02fe97c230cc515738f75cbd783b52fa0aefcc2c25a21fea3244dcd
ssdeep: 12288:UGZZDr2llFqZ63VH9NimwDTWRocFsr3ZeuSfm5v5nveEzk9/RQ5DqmXw/ZDb4/ee:xZv4B9NbMTWRoX3Uusm5RnveE0QG55iZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Spy.Swisyn.GY also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Spyware ( 00276f081 )
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop1.64533
Cynet	Malicious (score: 100)
ALYac	Gen:Trojan.Heur.8KW@tz0C13ki
Cylance	Unsafe
Zillya	Trojan.Buzus.Win32.69331
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Ransom:Win32/Blocker.b0c8ed53
K7GW	Spyware ( 00276f081 )
Cybereason	malicious.d01659
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Swisyn.GY
APEX	Malicious
Avast	Win32:Delf-PYT [Trj]
ClamAV	Win.Trojan.Agent-375905
Kaspersky	Trojan-Ransom.Win32.Blocker.alvi
BitDefender	Gen:Trojan.Heur.8KW@tz0C13ki
NANO-Antivirus	Trojan.Win32.Buzus.dqoiv
MicroWorld-eScan	Gen:Trojan.Heur.8KW@tz0C13ki
Tencent	Malware.Win32.Gencirc.10ba2f18
Ad-Aware	Gen:Trojan.Heur.8KW@tz0C13ki
Sophos	Mal/Generic-S
Comodo	Backdoor.Win32.Delf.~DP@1mio9l
BitDefenderTheta	AI:Packer.2EE9C13D1C
VIPRE	Trojan.Win32.Generic.pak!cobra
TrendMicro	Ransom_Blocker.R002C0PE621
McAfee-GW-Edition	BehavesLike.Win32.Fareit.dc
FireEye	Generic.mg.0de340ed01659ac9
Emsisoft	Gen:Trojan.Heur.8KW@tz0C13ki (B)
Jiangmin	Trojan/Buzus.awwt
Webroot	W32.Trojan.Gen
Avira	DR/Delphi.Gen7
eGambit	Unsafe.AI_Score_73%
Kingsoft	Win32.HeurC.KVM007.a.(kcloud)
Microsoft	VirTool:Win32/DelfInject
AegisLab	Trojan.Win32.Buzus.lnay
GData	Gen:Trojan.Heur.8KW@tz0C13ki
TACHYON	Trojan/W32.DP-Buzus.991744
AhnLab-V3	Trojan/Win32.Banload.R12397
McAfee	GenericRXHO-GL!0DE340ED0165
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Click
Malwarebytes	PolyRansom.Virus.FileInfector.DDS
Panda	Generic Malware
TrendMicro-HouseCall	Ransom_Blocker.R002C0PE621
Rising	Ransom.Blocker!8.12A (TFE:5:Vdd2DcfShdH)
Yandex	TrojanSpy.Swisyn!tLovytKF/5c
Ikarus	Virus.Win32.DelfInject
Fortinet	W32/Injector.MOU!tr
AVG	Win32:Delf-PYT [Trj]
Paloalto	generic.ml

How to remove Win32/Spy.Swisyn.GY?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/Spy.Swisyn.GY” infection