Trojan-PSW.Win32.Disco

When you encounter an alert for the detection of Trojan-PSW.Win32.Disco, it indicates that your system is potentially compromised. It’s important to understand that all viruses pose a significant threat without exceptions. Disco is a type of malicious software designed to steal passwords from your computer.

Trojan-PSW.Win32.Disco employs various techniques to evade detection by malware scanners and utilizes secure connections to transmit data to a command server. The actions of this malware often lead to loss of access to your accounts and compromise of your identity. Furthermore, certain variants of Disco are capable of delivering other malicious programs to the infected system.

Every form of malware has a singular objective – to generate profits at your expense. The programmers behind these malicious entities are unconcerned with morality and employ every possible tactic. Their actions involve stealing your private data, earning commissions from the banners you unwittingly view, and exploiting your system’s components to mine cryptocurrencies, among other activities. This list is not exhaustive, as there are various other ways they exploit and harm unsuspecting users. The question of whether anyone would willingly choose to be a mere pawn in their schemes is rhetorical.

What does the notification with Trojan-PSW.Win32.Disco detection mean?

The Trojan-PSW.Win32.Disco detection you are observing in the lower right corner is being presented to you by Microsoft Defender. While this antivirus program is adept at scanning for malware, it can be somewhat unreliable. It is susceptible to malware infiltrations, exhibits a glitchy interface, and may have limitations in its malware removal capabilities. Therefore, the pop-up alert indicating the presence of Disco is merely a notification that Defender has detected it. To effectively remove the malware, it is advisable to consider utilizing another anti-malware program.

Microsoft Defender: “Trojan-PSW.Win32.Disco”

Having the Trojan-PSW.Win32.Disco virus on your computer is a bad thing from any point of view. The worst problem is that you will not see anything wrong. The key trick of any spyware is to be as stealthy as possible. Some Disco samples are also able to self-destruct after collecting all the valuable information present on the PC. After that, it will be nearly impossible to reconstruct the sequence of events and figure out how your accounts were hacked. Long-residing variants of spyware can target a specific directory or file type. Files grabbed in that way are then put up for sale on the Darknet, at one of its numerous marketplaces for stolen data.

Spyware Summary:

Name: Disco Spyware
Detection: Trojan-PSW.Win32.Disco
Damage: Steals personal data contained in the attacked system.

Malware actions in the system

  • Attempts to connect to a dead IP:Port (1 unique time);
  • Starts servers listening on 127.0.0.1:0;
  • Performs some HTTP requests to what appear to be command and control servers of this malware.

File details

File Info:

crc32: 62F780FC
md5: 4f5d54ddb9c746dd975c30c7c417cf62
name: 4F5D54DDB9C746DD975C30C7C417CF62.mlw
sha1: 484a44bb6208dbdc32e2725f3d5a2bf311061a3c
sha256: 235947fbd13febf36746d2e5221484c00afe2ec57c3c12aca1a1e6eea85d22a1
sha512: 4539b0066193d2bcc389121963db4265bcee4de7fcb8b974ca8888c3c65e59d1f38715b6dd74210f20d3e0817a04029fe24820c995abe53fdad943f2ef7b6a94
ssdeep: 12288:qQ1i9n7UDGl3YoS0kpQxm3FC3DM7VOrmG1O69p9tbqrCnzh7gUL9SI2j4ie0usE:qGIP3W+TTUVOrmG1NqGh7gULo/e0usX
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Other detection names for Disco Trojan

GridinSoft Trojan.Ransom.Gen
K7AntiVirus Riskware ( 0040eff71 )
Cynet Malicious (score: 100)
ALYac Trojan.GenericKD.37017184
Cylance Unsafe
Sangfor Infostealer.Win32.Disco.gen
CrowdStrike win/malicious_confidence_90% (W)
K7GW Riskware ( 0040eff71 )
Cybereason malicious.b6208d
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan-PSW.Win32.Disco.gen
BitDefender Trojan.GenericKD.37017184
ViRobot Trojan.Win32.Z.Tasker.763904
MicroWorld-eScan Trojan.GenericKD.37017184
Ad-Aware Trojan.GenericKD.37017184
Sophos Generic ML PUA (PUA)
BitDefenderTheta Gen:NN.ZexaF.34722.UuW@aW!bBSpi
McAfee-GW-Edition BehavesLike.Win32.Ransomware.bh
FireEye Generic.mg.4f5d54ddb9c746dd
Emsisoft Trojan.GenericKD.37017184 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.Tasker.apf
Microsoft Trojan:Win32/Wacatac.B!ml
Arcabit Trojan.Generic.D234D660
AegisLab Trojan.Win32.Cossta.4!c
GData Trojan.GenericKD.37017184
McAfee Artemis!4F5D54DDB9C7
MAX malware (ai score=89)
Panda Trj/GdSda.A
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Disco!tr.pws
AVG Win32:Malware-gen
Paloalto generic.ml

Is Trojan-PSW.Win32.Disco dangerous?

As I said before, any malware is dangerous. And Trojan-PSW.Win32.Disco is far from the kind of malware that causes more disturbance than real damage. The most deceptive characteristic of this malware is that you cannot observe its activity by any means other than scanning with anti-malware software. And while you don’t have a clue, the fraudsters who planted their malware on your system are starting to count the money. Darknet forums offer numerous opportunities to sell malware logs for a hefty sum, especially when these logs are freshly collected. And it is unpleasant to imagine what will happen to your accounts when other criminals get their hands on your credentials.

However, events may unfold much faster. In some cases, crooks deliver their malware precisely to the user they are attempting to steal from. Spyware is invaluable when it comes to collecting credentials, and some examples aim precisely at online banking accounts or crypto wallets. One may say that running spyware is the same as sending all your money to criminals.

How did I get this virus?

It is difficult to trace the origins of malware on your computer. Nowadays, things are mixed, and distribution tactics used by adware 5 years ago can be used by spyware these days. But if we set aside the exact distribution method and think about why it works, the answer is really basic: a low level of cybersecurity awareness. Individuals click on promotions on odd sites, open the pop-ups they receive in their browsers, and call the “Microsoft tech support”, believing that the strange banner warning about malware is true. It is necessary to recognize what is legitimate in order to avoid mistakes when attempting to identify a virus.

An example of a Microsoft tech support scam banner

Nowadays, the two most common tactics of malware spreading are lure e-mails and injection into a hacked program. While the first one is not so easy to stay away from (you need to know a lot to recognize a fake), the second one is very easy to handle: just don’t use cracked applications. Torrent trackers and other providers of “free” applications (which are actually paid, but with license checking disabled) are a real distribution point for malware. And Trojan-PSW.Win32.Disco is simply among them.

How to remove the Trojan-PSW.Win32.Disco from my PC?

About the author

Robert Bailey

Security engineer focused on malware behavior, removal workflows, and Windows hardening. Robert reviews threat articles for practical accuracy, checking detection names, symptoms, and cleanup steps before publication.
