Seeing the Trojan-PSW.Win32.Disco.hto malware detection usually means that your PC is in big danger. This computer virus can correctly be identified as ransomware, a sort of malware which encrypts your files and asks you to pay for their decryption. Removing it requires some specific steps that must be done as soon as possible.
Trojan-PSW.Win32.Disco.hto is a detection name you may see on your computer. It generally appears after risky activity on your computer: opening an untrustworthy email, clicking a banner on the web, or installing a program from a dubious source. From the moment it appears, you have a short time to act before it begins its malicious activity. And be sure: it is far better not to wait for that to happen.
What is Trojan-PSW.Win32.Disco.hto virus?
Trojan-PSW.Win32.Disco.hto Summary
In summary, the Trojan-PSW.Win32.Disco.hto malware's activities on an infected PC are as follows:
- SetUnhandledExceptionFilter detected (possible anti-debug);
- Dynamic (imported) function loading detected;
- Yara rule detections observed from a process memory dump/dropped files/CAPE;
- Possible date expiration check, exits too soon after checking local time;
- Enumerates the modules from a process (may be used to locate base addresses in process injection);
- CAPE extracted potentially suspicious content;
- The binary likely contains encrypted or compressed data;
- Authenticode signature is invalid;
- CAPE detected the RedLine malware family;
- Anomalous binary characteristics;
- Encrypting the files located on the target’s disk drives — so the victim cannot open these files;
- Blocking the launching of .exe files of anti-virus apps;
- Blocking the launching of installation files of anti-virus apps.
Ransomware has been a headache for the last 4 years. It is hard to picture more dangerous malware for both individuals and businesses. The algorithms used in Trojan-PSW.Win32.Disco.hto (typically, RHA-1028 or AES-256) are not hackable, with minor exceptions. To break them by brute force, you would need more time than our galaxy has existed, and possibly will exist. However, the virus does not do all these bad things immediately: it may require up to a few hours to encrypt all of your files. Thus, seeing the Trojan-PSW.Win32.Disco.hto detection is a clear signal that you have to begin the removal process.
Where did I get the Trojan-PSW.Win32.Disco.hto?
The usual methods of Trojan-PSW.Win32.Disco.hto distribution are common to all other ransomware variants. Those are one-day landing sites where users are offered a free program to download and install, so-called bait e-mails, and hacktools. Bait e-mails are a relatively modern strategy in malware distribution: you receive an e-mail that imitates a normal notification about a shipment or a change in bank service conditions. Within the e-mail, there is a corrupted MS Office file, or a web link which opens the exploit landing site.

Malicious email message. This one tricks you into opening the phishing website.
Avoiding it looks fairly easy, but still requires a lot of attention. Malware can hide in various places, and it is much better to stop it before it gets onto your PC than to depend on an anti-malware program. Basic cybersecurity knowledge is important in the modern world, even if your interaction with a PC is limited to YouTube videos. It may save you a great deal of money and time that you would otherwise spend looking for a fix guide.
Trojan-PSW.Win32.Disco.hto malware technical details
File Info:
- name: 53F148CFD91F0806EC5F.mlw
- path: /opt/CAPEv2/storage/binaries/865530c6a14a80ff84411c1ed2ebb8a7787e26b83cdca568dcd2eb95e108729f
- crc32: 9E7D4ADB
- md5: 53f148cfd91f0806ec5fa7d48de2b8f3
- sha1: 6ec3284ff677c76b19ae3bc8eadc2e153abbb99f
- sha256: 865530c6a14a80ff84411c1ed2ebb8a7787e26b83cdca568dcd2eb95e108729f
- sha512: 3f9805ce663580d730df73de61b1ad47b8e92eb8ed5d585aa3d9893ccc5eeec6df88f1d61030cd7b624d4214365a88c81d85ab367dacc538d8f809558d7bf5ac
- ssdeep: 3072:IDKW1LgppLRHMY0TBfJvjcTp5XydVC+YjqWy1oFs8qNSAbx2fzgxDmnzVGp:IDKW1Lgbdl0TBBvjc/z+ZBMAMfzz2
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T14634CF2171D0C2B3C4B7113584E6CB3A9A7930714B6AD6D7B6DD1BBA5F203E1A3362C9
- sha3_384: c0b302aa502d5a434ea8f50c683f9f13291f351d5d944a62388ae21c62c2996383e0b8bf63c885d794b58f34f3e6a85c
- ep_bytes: e8e15c0000e9a4feffff8bff558bec83
- timestamp: 2012-07-13 22:47:16

Version Info:
- Translation: 0x0000 0x04b0
- Comments:
- CompanyName:
- FileDescription: WindowsApp11dorkyazar
- FileVersion: 1.0.0.0
- InternalName: Green Joomla.exe
- LegalCopyright: Copyright © 2021
- LegalTrademarks:
- OriginalFilename: Green Joomla.exe
- ProductName: WindowsApp11dorkyazar
- ProductVersion: 1.0.0.0
- Assembly Version: 1.0.0.0
Trojan-PSW.Win32.Disco.hto also known as:
| Vendor | Detection name |
| --- | --- |
| Bkav | W32.AIDetect.malware2 |
| Lionic | Trojan.Win32.Convagent.b!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.38136605 |
| FireEye | Generic.mg.53f148cfd91f0806 |
| CAT-QuickHeal | Ransom.Genasom.S1302864 |
| ALYac | Trojan.GenericKD.38136605 |
| Cylance | Unsafe |
| K7AntiVirus | Riskware ( 00584baa1 ) |
| K7GW | Riskware ( 00584baa1 ) |
| Cybereason | malicious.ff677c |
| BitDefenderTheta | Gen:NN.ZexaF.34084.oq0@aujH1cd |
| Cyren | W32/Trojan.DAN.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| TrendMicro-HouseCall | TROJ_GEN.R002C0WL221 |
| Cynet | Malicious (score: 100) |
| Kaspersky | Trojan-PSW.Win32.Disco.hto |
| BitDefender | Trojan.GenericKD.38136605 |
| Avast | Win32:Malware-gen |
| Rising | [email protected] (RDMK:mjhZ4OfwX0AGb8AkCiFaAw) |
| Ad-Aware | Trojan.GenericKD.38136605 |
| Sophos | Mal/Generic-S |
| TrendMicro | TROJ_GEN.R002C0WL221 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dc |
| Emsisoft | Trojan.GenericKD.38136605 (B) |
| GData | Trojan.GenericKD.38136605 |
| MaxSecure | Trojan.Malware.300983.susgen |
| Avira | TR/Redcap.glibh |
| ViRobot | Trojan.Win32.Z.Sabsik.233472.A |
| Microsoft | Backdoor:Win32/Bladabindi!ml |
| AhnLab-V3 | Trojan/Win.Generic.C4801924 |
| Acronis | suspicious |
| McAfee | Artemis!53F148CFD91F |
| MAX | malware (ai score=80) |
| VBA32 | TrojanDropper.Convagent |
| Malwarebytes | MachineLearning/Anomalous.93% |
| APEX | Malicious |
| SentinelOne | Static AI – Malicious PE |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | W32/PossibleThreat |
| AVG | Win32:Malware-gen |
| CrowdStrike | win/malicious_confidence_80% (D) |