How to remove “Win32:Crypt-SHW [Trj]”?

The Win32:Crypt-SHW [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Crypt-SHW [Trj] virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Drops a binary and executes it
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32:Crypt-SHW [Trj]?


File Info:
name: BD5F1759D7894720CA03.mlw
path: /opt/CAPEv2/storage/binaries/75c33328496edfe5f25e37fc000203625cf69d7b52d41da428bd8a2442b5740e
crc32: 7B684545
md5: bd5f1759d7894720ca03873e28aaa08d
sha1: c64f8528e789dc9cee319aec50933ed133148e9c
sha256: 75c33328496edfe5f25e37fc000203625cf69d7b52d41da428bd8a2442b5740e
sha512: c417744564cf003d1969f7cb95efc4653e9509e206d3d5dd47e258c213d7be93fd65012252dbff1f1f7b30eb1f2e847ed045207e94e4771b1201e81e64c5a1e0
ssdeep: 384:KKa2KfzClaJMgXJHdpiVKBUrQM3FDhdrtjWPZPSLNJl:fa2AkcMMZrZ+QM3bsSJb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14913186A56E111E2C4A74DB3CAB0B18E99AE7E233D035C4D5671F6884FF27C26C3191D
sha3_384: 6ffc425fc58537e3f4c6192e2987a5d6654423a62fdbdcd1ec5817b4b540522b0460d417d28e2aa9f4b7cb2d8fdd47e7
ep_bytes: 8bec81c4f4feffffe8000000005b6681
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

Win32:Crypt-SHW [Trj] also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.100204
ClamAV	Win.Downloader.Upatre-9963158-0
FireEye	Generic.mg.bd5f1759d7894720
CAT-QuickHeal	Trojan.Verpackert.S12580624
McAfee	GenericATG-FABE!BD5F1759D789
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Downloader.Waski.Win32.80563
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 0055c6c71 )
K7GW	Trojan-Downloader ( 0049d22b1 )
Cybereason	malicious.9d7894
Arcabit	Trojan.Generic.D1876C
BitDefenderTheta	AI:Packer.05A7BD0E1E
Cyren	W32/S-0e687b75!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/TrojanDownloader.Waski.F
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Dropper.Win32.Dapato.vho
BitDefender	Trojan.GenericKDZ.100204
NANO-Antivirus	Trojan.Win32.Upatre.desdhv
Avast	Win32:Crypt-SHW [Trj]
Tencent	Trojan-DL.Win32.Waski.zc
Sophos	Mal/Upatre-AS
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.DownLoad3.33795
VIPRE	Trojan.GenericKDZ.100204
McAfee-GW-Edition	BehavesLike.Win32.Downloader.pt
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKDZ.100204 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.aucae
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan[Downloader]/Win32.Upatre
Xcitium	TrojWare.Win32.TrojanDownloader.Upatre.BC@5qv3w8
Microsoft	Trojan:Win32/Vindor!pz
ZoneAlarm	HEUR:Trojan-Dropper.Win32.Dapato.vho
GData	Win32.Trojan.PSE1.1ND8CBC
Google	Detected
AhnLab-V3	Trojan/Win32.Agent.R120254
Acronis	suspicious
VBA32	BScope.TrojanDownloader.Upatre
MAX	malware (ai score=86)
Cylance	unsafe
Panda	Trj/Genetic.gen
APEX	Malicious
Rising	Downloader.Waski!1.B69C (CLASSIC)
Fortinet	W32/Waski.C!tr
AVG	Win32:Crypt-SHW [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Win32:Crypt-SHW [Trj]?

Win32:Crypt-SHW [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X