Worm:Win32/Pykspa!pz removal instructions

Many security experts consider Worm:Win32/Pykspa!pz dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you completely scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Pykspa!pz virus do?

  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm:Win32/Pykspa!pz?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2006-12-09 08:59:46

Version Info:

0: [No Data]

Worm:Win32/Pykspa!pz also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.AgentWDCR.JMO
FireEye: Generic.mg.d3bd95e2b9f8c5bd
CAT-QuickHeal: Worm.Pykspa.C3
Skyhigh: BehavesLike.Win32.Pykse.tz
ALYac: Trojan.AgentWDCR.JMO
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Blocker.Win32.28137
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 003da8d71 )
K7GW: Trojan ( 003da8d71 )
Cybereason: malicious.15bdc2
Arcabit: Trojan.AgentWDCR.JMO
VirIT: Trojan.Win32.AntiAV.PIN
Symantec: W32.Pykspa.D
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.Agent.TG
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Worm.Autorun-437
Kaspersky: HEUR:Worm.Win32.Agent.gen
BitDefender: Trojan.AgentWDCR.JMO
NANO-Antivirus: Trojan.Win32.AntiAV.dsnxsg
Avast: Win32:Renos-KY [Trj]
Tencent: Worm.Win32.Yah.za
Emsisoft: Trojan.AgentWDCR.JMO (B)
F-Secure: Trojan.TR/Agent.327680.A
DrWeb: Trojan.Kypes.2
VIPRE: Trojan.AgentWDCR.JMO
TrendMicro: TROJ_AGENT_006376.TOMB
Trapmine: malicious.high.ml.score
Sophos: W32/Pykse-H
Ikarus: Trojan.Agent
Jiangmin: Trojan/Vilsel.cgx
Webroot: Worm:Win32/Pykspa.C
Varist: W32/Pykspa.A.gen!Eldorado
Avira: TR/Agent.327680.A
Antiy-AVL: Trojan/Win32.AntiAV
Xcitium: Worm.Win32.Autorun.Agent_TG0@1isiwy
Microsoft: Worm:Win32/Pykspa!pz
ViRobot: Trojan.Win32.Blocker.Gen.B
ZoneAlarm: HEUR:Worm.Win32.Agent.gen
GData: Win32.Trojan.BSE.1JWSKP9
Google: Detected
AhnLab-V3: Trojan/Win32.Zepfod.R4378
Acronis: suspicious
McAfee: W32/Pykse.worm.gen.a
MAX: malware (ai score=85)
VBA32: Worm.Yah
Cylance: unsafe
Panda: W32/SpySkype.E
Zoner: Trojan.Win32.24407
TrendMicro-HouseCall: TROJ_AGENT_006376.TOMB
Rising: Worm.Autorun!1.BC87 (CLASSIC)
Yandex: Trojan.GenAsa!qHVVdB/AORM
SentinelOne: Static AI – Malicious PE
MaxSecure: Backdoor.Zepfod.A
Fortinet: W32/AutoRun.AGENT.AUA!tr
BitDefenderTheta: Gen:NN.ZexaF.36792.@pW@aiXfFb
AVG: Win32:Renos-KY [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Worm:Win32/Pykspa!pz?

Worm:Win32/Pykspa!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
