What is “Win32/WinSpy potentially unsafe”?

The Win32/WinSpy potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/WinSpy potentially unsafe virus can do?

Executable code extraction
Possible date expiration check, exits too soon after checking local time
Network activity detected but not expressed in API logs

How to determine Win32/WinSpy potentially unsafe?


File Info:
crc32: D4B94D26
md5: 521cad279e76bff951c4ed8df9dc643c
name: 521CAD279E76BFF951C4ED8DF9DC643C.mlw
sha1: 066ef19ed4f21874bc9d506cde7bee4e6568a1a7
sha256: 53b1579461ad0c1e9ffdb13362b44d699a1552eb40678aa5e4af804fb9c88130
sha512: 5f8bceb55e0e85d72ce8a64b8025cad6be2b96e4a550f216424d6934aa7cecfdc830fe6a6538eb51f0559eeb08629464f378cd5296a211b6775a76cf3cd954aa
ssdeep: 49152:Jm82y1Kvkp6Ny5teZzhfEZQfeF9IO1vclTcluq5wHIF:Jmny1KMp682Zz/feFn1vc0ua/
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
LegalCopyright: 2015 Solaris IT Solutions
InternalName: 101
FileVersion: 6117.00
CompanyName: Solaris IT Solutions
LegalTrademarks: 2015 Solaris IT Solutions
ProductName: Main Console
ProductVersion: 6117.00
FileDescription: SystemIO
OriginalFilename: 101.exe

Win32/WinSpy potentially unsafe also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.StealerNET.69
ALYac	Gen:Variant.MSILPerseus.222517
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.79e76b
Cyren	W32/Trojan.PNGD-3769
ESET-NOD32	a variant of Win32/WinSpy potentially unsafe
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Malware.Ursu-9883073-0
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender	Gen:Variant.MSILPerseus.222517
NANO-Antivirus	Trojan.Win32.Agensla.igwvin
MicroWorld-eScan	Gen:Variant.MSILPerseus.222517
Ad-Aware	Gen:Variant.MSILPerseus.222517
Sophos	Generic ML PUA (PUA)
F-Secure	Heuristic.HEUR/AGEN.1134895
BitDefenderTheta	Gen:NN.ZemsilF.34236.bm0@aONRsrj
VIPRE	Trojan.Win32.Generic.pak!cobra
FireEye	Gen:Variant.MSILPerseus.222517
Emsisoft	Gen:Variant.MSILPerseus.222517 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1134895
Antiy-AVL	Trojan/Generic.ASMalwS.3412FD6
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Trojan.MSILPerseus.D36535
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
GData	Gen:Variant.MSILPerseus.222517
McAfee	Artemis!521CAD279E76
MAX	malware (ai score=83)
Yandex	TrojanSpy.Agent!w7X4vxb/HCU
Ikarus	Trojan-Spy.MassLogger
AVG	Win32:PWSX-gen [Trj]

How to remove Win32/WinSpy potentially unsafe?

Win32/WinSpy potentially unsafe removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X