Should I remove “Worm:Win32/Pykspa.C”?

Worm:Win32/Pykspa.C is flagged as malicious by most security vendors (see the detection names below). While the infection is active you may notice unwanted processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. The trial version allows a full scan and clean-up of your PC.
A 6-day free trial is available.

What can Worm:Win32/Pykspa.C do?

The following behaviours were recorded when the sample was run under automated (sandbox) analysis:

  • Attempts to connect to a dead IP:port (1 unique time)
  • Starts a server listening on 0.0.0.0:16436
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Looks up the external IP address
  • Sniffs keystrokes
  • Attempts to stop active services
  • A process attempted to delay the analysis task for a long time (sandbox evasion)
  • Installs itself for autorun at Windows startup
  • Exhibits file modification behaviour consistent with ransomware
  • Creates a hidden or system file
  • Attempts to disable UAC
  • Attempts to modify the UAC prompt behaviour
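Three of the behaviours above (the listener on 0.0.0.0:16436, the autorun entry, and the UAC changes) leave traces an administrator can check on a host without any vendor tool. The script below is an added example written for this page, not code from GridinSoft or from the sample's analysis; it parses saved output of `netstat -ano` and two `reg query` commands, so it can run anywhere. The port and the two UAC value names are real Windows settings; the `suspicious_autoruns` path heuristic and all sample command output are this example's own constructions.

```python
r"""Host-side checks for the sandbox observations listed above.

Added example (not part of the original page or of any vendor tool). It works
on text captured from three Windows commands so it can be run against saved
output on any machine:
  netstat -ano
  reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
  reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
All sample output at the bottom is CONSTRUCTED for the example.
"""
import re

# The sandbox report says the sample listens on 0.0.0.0:16436.
PYKSPA_LISTEN_PORT = 16436

# One "name  REG_TYPE  data" line of `reg query` output (the key header line has no REG_ token).
REG_VALUE_RE = re.compile(r"^\s*(\S+)\s+(REG_\w+)\s+(.*?)\s*$")


def find_listeners(netstat_output, port=PYKSPA_LISTEN_PORT):
    """Return [(local_address, pid)] for TCP sockets LISTENING on `port`."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: Proto, Local, Foreign, State, PID (UDP rows carry no State).
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, lport = fields[1].rpartition(":")
            if lport.isdigit() and int(lport) == port:
                hits.append((addr, int(fields[4])))
    return hits


def parse_reg_query(reg_output):
    """Map value name -> (type, data) from `reg query <key>` output."""
    values = {}
    for line in reg_output.splitlines():
        m = REG_VALUE_RE.match(line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3))
    return values


def uac_findings(policies_reg_output):
    """Flag the two values behind 'Attempts to disable UAC' / 'modify UAC prompt behaviour'.

    EnableLUA=0 switches UAC off entirely; ConsentPromptBehaviorAdmin=0 lets
    administrators elevate without any prompt.
    """
    values = parse_reg_query(policies_reg_output)
    findings = []
    for name, bad_value, meaning in (
        ("EnableLUA", 0, "UAC is disabled"),
        ("ConsentPromptBehaviorAdmin", 0, "administrators elevate without a prompt"),
    ):
        if name in values and values[name][0] == "REG_DWORD" and int(values[name][1], 16) == bad_value:
            findings.append(f"{name}=0: {meaning}")
    return findings


def suspicious_autoruns(run_reg_output):
    """Run-key entries whose command lives in a user-writable profile or temp path.

    Heuristic of this example: malware that 'installs itself for autorun' usually
    points the Run key at a dropped copy of itself, and AppData/Temp need no admin
    rights to write to. Review the flagged entries by hand; this is not a verdict.
    """
    flagged = {}
    for name, (_, command) in parse_reg_query(run_reg_output).items():
        low = command.lower()
        if "\\appdata\\" in low or "\\temp\\" in low:
            flagged[name] = command
    return flagged


def triage(netstat_output, policies_reg_output, run_reg_output):
    """Combine the three checks into one report."""
    return {
        "listeners_on_16436": find_listeners(netstat_output),
        "uac": uac_findings(policies_reg_output),
        "autoruns": suspicious_autoruns(run_reg_output),
    }


# ---- constructed sample output (not from a real machine) ----
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:16436          0.0.0.0:0              LISTENING       4120
  TCP    10.0.0.5:49712         203.0.113.7:80         ESTABLISHED     4120
  UDP    0.0.0.0:5355           *:*                                    1488
"""

SAMPLE_POLICIES_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA    REG_DWORD    0x0
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

SAMPLE_RUN_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    rwfqsd    REG_SZ    C:\Users\alice\AppData\Roaming\rwfqsd.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_NETSTAT, SAMPLE_POLICIES_REG, SAMPLE_RUN_REG).items():
        print(f"{key}: {value}")
```

On a live machine, redirect each command's output to a file and feed the file contents to `triage`. The PID returned for the listener is what you look up in Task Manager or `tasklist` to find the process the page refers to.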

Related domains:

www.whatismyip.ca
www.showmyipaddress.com
whatismyipaddress.com
whatismyip.everdot.org
www.whatismyip.com
www.myspace.com
www.youtube.com
pmqyiytmmx.info
znnqnmrmf.org
ledkffcxtrj.com
kufgjeu.info
pbeiiz.net
venkxsxgput.org
ebdleqefsmfs.info
qscuwesy.org
vygnqqblelwj.info
rbaepxgz.net
hujwkbrvdl.net
auvpkazrjyzd.net
xmfefbhxmrjw.net
eomqptjzuiih.info
gmjriskwxs.net
wevadwrd.info
wwikkkwcquag.org
fwvfnwrjt.net
kicspd.info
zsrrov.info
jxzcqm.net
awiqfwyl.info
vhnbkjpu.net
eqpcnwxmbwz.net
dubjxklg.net
eygiowgqsc.org
wuwcas.com
nqlyyiv.info
nfrdyglgr.com
rmnkuij.net
fwpdcqcyvnpo.net
oqtyqkrfrfp.info
mczpppmq.info
dpykirei.info
ieoiio.org
zcbchgm.net
uwasikco.com
snctbm.info
ocxqvuvzw.info
veltzep.info
delbowyey.info
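The list above mixes two kinds of names: well-known external-IP lookup services (plus myspace and youtube), which the sample contacts but which plenty of legitimate software also uses, and a long tail of random-looking labels. A DNS log scan should weight the two differently. The script below is an added example for this page, not code from the original post: exact matches come from the domains listed above (a subset is embedded; extend it with the rest of the list), while the `looks_random` heuristic and the log format and log lines are this example's own constructions and say nothing about how the sample actually generates names.

```python
"""Scan DNS/resolver log lines for the related domains listed above.

Added example, not from the original page. Exact matches use the domains on
this page; the 'random-looking' heuristic is this example's own second-pass
filter. The log format and all log lines below are CONSTRUCTED:
"<timestamp> <client> <qtype> <qname>".
"""
import re

# Well-known services from the list above: the sample uses them (external IP
# lookup), but a hit on them alone is weak evidence, since normal software uses them too.
LOW_SIGNAL_DOMAINS = {
    "www.whatismyip.ca", "www.showmyipaddress.com", "whatismyipaddress.com",
    "whatismyip.everdot.org", "www.whatismyip.com", "www.myspace.com", "www.youtube.com",
}

# Random-looking names from the list above (subset; add the rest of the page's list).
HIGH_SIGNAL_DOMAINS = {
    "pmqyiytmmx.info", "znnqnmrmf.org", "ledkffcxtrj.com", "kufgjeu.info",
    "pbeiiz.net", "venkxsxgput.org", "ebdleqefsmfs.info", "qscuwesy.org",
    "vygnqqblelwj.info", "rbaepxgz.net", "hujwkbrvdl.net", "auvpkazrjyzd.net",
}


def normalize(qname):
    """Lower-case, strip a trailing dot and a leading 'www.' so list and log forms compare equal."""
    name = qname.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


LOW_SIGNAL = {normalize(d) for d in LOW_SIGNAL_DOMAINS}
HIGH_SIGNAL = {normalize(d) for d in HIGH_SIGNAL_DOMAINS}

VOWELS = set("aeiou")
CONSONANTS = set("bcdfghjklmnpqrstvwxz")  # 'y' is treated as neither


def looks_random(label):
    """Heuristic: a label with under 20% vowels or a run of 4+ consonants.

    Deliberately crude: it catches names like 'znnqnmrmf' but misses short
    labels with a normal vowel mix such as 'kufgjeu'. Use it to rank unknown
    names for review, not as a detection on its own.
    """
    letters = [c for c in label if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = run + 1 if c in CONSONANTS else 0
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 4


def registrable_label(name):
    """'pmqyiytmmx.info' -> 'pmqyiytmmx'; 'login.example.com' -> 'example'."""
    labels = name.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|CNAME|TXT)\s+(\S+)$")


def classify(qname):
    """Return 'ioc-high', 'ioc-low', 'random-looking' or None for one query name."""
    name = normalize(qname)
    if name in HIGH_SIGNAL:
        return "ioc-high"
    if name in LOW_SIGNAL:
        return "ioc-low"
    if looks_random(registrable_label(name)):
        return "random-looking"
    return None


def scan(lines):
    """Return [(timestamp, client, normalized_name, verdict)] for every flagged line."""
    out = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, _qtype, qname = m.groups()
        verdict = classify(qname)
        if verdict:
            out.append((ts, client, normalize(qname), verdict))
    return out


SAMPLE_LOG = [  # constructed for this example
    "2024-05-02T09:14:03Z 10.0.0.5 A www.whatismyip.com",
    "2024-05-02T09:14:05Z 10.0.0.5 A pmqyiytmmx.info",
    "2024-05-02T09:14:06Z 10.0.0.5 A hujwkbrvdl.net.",
    "2024-05-02T09:14:07Z 10.0.0.5 A xkqzvbrtmw.biz",
    "2024-05-02T09:14:09Z 10.0.0.7 A login.microsoftonline.com",
    "2024-05-02T09:14:10Z 10.0.0.7 AAAA www.youtube.com",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

In the constructed log, client 10.0.0.5 produces an IP-lookup hit followed by two high-signal names within seconds, which is the pattern worth escalating; the single youtube query from 10.0.0.7 is the kind of low-signal hit that should not page anyone on its own.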

How to identify Worm:Win32/Pykspa.C?

File Info:

crc32: 7C5A7331
md5: 9d8c5c6830e9d9d76a19351dfc7ec24c
name: 9D8C5C6830E9D9D76A19351DFC7EC24C.mlw
sha1: 23aded6636bde8b76ab4a6bd6befe7388a334354
sha256: 26f2be7f193f8beb420c06b9d42de587e2f60d691def7028cef2c0be14d7cc8e
sha512: 824194f339ddbc8a72710ab0ad125d219270c78f05fbfea1620b2e7ff2c246fd73b48b9db69bd6e30235601f4c39da54bbf7c1946f573d196ebb2b3ca397cb9d
ssdeep: 6144:h1Qv8rK3FQp4LGCr9a9n4FRm6RGMXKqCQFHgTlZn86JQPDHDdx/QtqG:COkiCpat4FU6JXKqFZglFPJQPDHvd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info: none (no version information is present in the binary)
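The hashes above identify one specific file, so the practical check is to hash a suspect binary and compare. The script below is an added example written for this page, not code from the original post; it uses only the Python standard library (ssdeep, the fuzzy hash shown above, needs a third-party library and is left out) and includes a cheap MZ/PE header check matching the "PE32 executable" type line. The fake PE it writes for the demo is constructed test input, not the malware sample.

```python
"""Check a file on disk against the hashes and file type listed above.

Added example, not from the original page. Standard library only. The fake
PE written by make_fake_pe() is CONSTRUCTED test input, not the sample.
"""
import hashlib
import os
import tempfile
import zlib

# Hashes exactly as listed in File Info above.
PYKSPA_C = {
    "crc32": "7C5A7331",
    "md5": "9d8c5c6830e9d9d76a19351dfc7ec24c",
    "sha1": "23aded6636bde8b76ab4a6bd6befe7388a334354",
    "sha256": "26f2be7f193f8beb420c06b9d42de587e2f60d691def7028cef2c0be14d7cc8e",
    "sha512": "824194f339ddbc8a72710ab0ad125d219270c78f05fbfea1620b2e7ff2c246fd73b48b9db69bd6e30235601f4c39da54bbf7c1946f573d196ebb2b3ca397cb9d",
}

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """All five digests of an in-memory buffer, in the File Info spelling (crc32 as upper-case hex)."""
    out = {"crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"}
    for algo in DIGEST_ALGOS:
        out[algo] = hashlib.new(algo, data).hexdigest()
    return out


def digest_file(path, chunk_size=1 << 20):
    """Same digests for a file, streamed so large binaries need not fit in memory."""
    crc = 0
    hashers = {a: hashlib.new(a) for a in DIGEST_ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {"crc32": f"{crc & 0xFFFFFFFF:08X}"}
    out.update({a: h.hexdigest() for a, h in hashers.items()})
    return out


def is_pe32(path):
    """Cheap check for the 'PE32 executable' type line: MZ stub, then 'PE\\0\\0' at e_lfanew."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"


def compare_to_known(path, known=PYKSPA_C):
    """Per-algorithm True/False against the listed hashes, plus the PE type check."""
    digests = digest_file(path)
    result = {algo: digests[algo].lower() == value.lower() for algo, value in known.items()}
    result["pe32"] = is_pe32(path)
    return result


def make_fake_pe(path):
    """Write a minimal MZ/PE header (constructed) so the checks have something to run on."""
    e_lfanew = 0x40
    data = b"MZ" + b"\0" * (0x3C - 2) + e_lfanew.to_bytes(4, "little") + b"PE\0\0"
    with open(path, "wb") as f:
        f.write(data)
    return data


def demo():
    """Run every check against the constructed fake PE in a temp dir; return the comparison."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "suspect.exe")
        data = make_fake_pe(p)
        assert digest_file(p) == digest_bytes(data)  # streamed and in-memory paths agree
        return compare_to_known(p)


if __name__ == "__main__":
    print(demo())  # pe32 True, every hash False: the fake file is not the listed sample
```

A single matching hash already identifies the listed file; a mismatch on all of them only means it is not this exact build, so keep the vendor names below in mind, since several of them are generic family detections that also cover recompiled or repacked variants.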

Worm:Win32/Pykspa.C also known as:

Bkav: W32.Common.66262B2C
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.30621080
FireEye: Generic.mg.9d8c5c6830e9d9d7
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: W32/Pykse.worm.c
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003da8d71 )
BitDefender: Trojan.GenericKD.30621080
K7GW: Trojan ( 003da8d71 )
Cybereason: malicious.830e9d
BitDefenderTheta: Gen:NN.ZexaF.34590.umW@aSLYWcc
Cyren: W32/Pykspa.A.gen!Eldorado
Symantec: W32.Pykspa.D
TotalDefense: Win32/Pykspa.B
Baidu: Win32.Worm.Autorun.o
APEX: Malicious
Avast: Win32:Renos-KY [Trj]
ClamAV: Win.Worm.Pykspa-6057105-0
Kaspersky: Trojan-Ransom.Win32.Blocker.jcen
Alibaba: Ransom:Win32/Blocker.a4eb3567
NANO-Antivirus: Trojan.Win32.TrjGen.dxqwva
ViRobot: Trojan.Win32.Blocker.Gen.B
Rising: Trojan.Win32.Generic.124CA03B (C64:YzY0OpRKuhfTatwM)
Ad-Aware: Trojan.GenericKD.30621080
Emsisoft: Trojan.GenericKD.30621080 (B)
Comodo: Worm.Win32.Autorun.Agent_TG0@1isiwy
F-Secure: Trojan.TR/Agent.327680.zfkkk
DrWeb: Trojan.Siggen.36621
Zillya: Trojan.Blocker.Win32.40256
TrendMicro: TROJ_VILSEL.SMO
McAfee-GW-Edition: BehavesLike.Win32.Pykse.fc
Sophos: ML/PE-A + W32/Pykse-F
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Blocker.lia
Webroot: Worm:Win32/Pykspa.C
Avira: TR/Agent.327680.zfkkk
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Win32.AntiAV
Microsoft: Worm:Win32/Pykspa.C
Arcabit: Trojan.Generic.D1D33D98
SUPERAntiSpyware: Trojan.Agent/Gen-SpamBot
ZoneAlarm: Trojan-Ransom.Win32.Blocker.jcen
GData: Win32.Trojan.PSE.KF4I2L
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zepfod.R397
Acronis: suspicious
VBA32: Trojan.ChidikSun.28205
ALYac: Trojan.GenericKD.30621080
TACHYON: Trojan/W32.Vilsel.327680.E
Malwarebytes: Generic.Worm.Agent.DDS
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/AutoRun.Agent.TG
TrendMicro-HouseCall: TROJ_VILSEL.SMO
Tencent: Worm.Win32.Pykspa.a
Yandex: Trojan.GenAsa!R41E4MI3PTc
Ikarus: Trojan.Win32.AntiAV
MaxSecure: Trojan.Ransom.Blocker.iprw
Fortinet: W32/Agent.XEK!tr
AVG: Win32:Renos-KY [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM08.0.8A61.Malware.Gen

How to remove Worm:Win32/Pykspa.C?

Worm:Win32/Pykspa.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sample installs itself for autorun and attempts to disable UAC or change its prompt behaviour, confirm after the restart that the startup entry is gone, that no process is still listening on port 16436, and that UAC is enabled again.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
