Written by Robert Bailey
When you encounter an alert for the detection of Trojan-PSW.Win32.Disco, it indicates that your system is potentially compromised. It’s important to understand that all viruses pose a significant threat without exceptions. Disco is a type of malicious software designed to steal passwords from your computer.

Trojan-PSW.Win32.Disco employs various techniques to evade detection by malware scanners and utilizes secure connections to transmit data to a command server. The actions of this malware often lead to loss of access to your accounts and compromise of your identity. Furthermore, certain variants of Disco are capable of delivering other malicious programs to the infected system.

Every form of malware has a singular objective – to generate profits at your expense. The programmers behind these malicious entities are unconcerned with morality and employ every possible tactic. Their actions involve stealing your private data, earning commissions from the banners you unwittingly view, and exploiting your system’s components to mine cryptocurrencies, among other activities. This list is not exhaustive, as there are various other ways they exploit and harm unsuspecting users. The question of whether anyone would willingly choose to be a mere pawn in their schemes is rhetorical.

GridinSoft Anti-Malware Review
It is better to prevent, than repair and repent!
When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

What does the notification with Trojan-PSW.Win32.Disco detection mean?

The Trojan-PSW.Win32.Disco detection you are observing in the lower right corner is being presented to you by Microsoft Defender. While this antivirus program is adept at scanning for malware, it can be somewhat unreliable. It is susceptible to malware infiltrations, exhibits a glitchy interface, and may have limitations in its malware removal capabilities. Therefore, the pop-up alert indicating the presence of Disco is merely a notification that Defender has detected it. To effectively remove the malware, it is advisable to consider utilizing another anti-malware program.

Trojan-PSW.Win32.Disco found

Microsoft Defender: “Trojan-PSW.Win32.Disco”

Having Trojan-PSW.Win32.Disco virus on your computer is a bad thing from any point of view. The worst problem is that you will not see anything wrong. Key trick of any spyware is being as stealthy as possible. Some Disco samples are also able to perform self-destruction after collecting all the valuable information present on the PC. After that, it will be nearly impossible to recover the flow of events and figure out how your accounts were hacked. Long-residing variants of spyware can aim at the specific directory or file type. After that, files grabbed in that way will be put for sale on the Darknet – at one of its numerous marketplaces with stolen data.

Spyware Summary:

Name Disco Spyware
Detection Trojan-PSW.Win32.Disco
Damage Steal personal data contained in the attacked system.
Fix Tool See If Your System Has Been Affected by Disco Spyware

Malware actions in the system

Click to expand
  • Attempts to connect to a dead IP:Port (1 unique times);
  • Starts servers listening on;
  • Performs some HTTP requests to what appears to be command and control servers of this malware

File details

Click to expand

File Info:

crc32: 62F780FC
md5: 4f5d54ddb9c746dd975c30c7c417cf62
name: 4F5D54DDB9C746DD975C30C7C417CF62.mlw
sha1: 484a44bb6208dbdc32e2725f3d5a2bf311061a3c
sha256: 235947fbd13febf36746d2e5221484c00afe2ec57c3c12aca1a1e6eea85d22a1
sha512: 4539b0066193d2bcc389121963db4265bcee4de7fcb8b974ca8888c3c65e59d1f38715b6dd74210f20d3e0817a04029fe24820c995abe53fdad943f2ef7b6a94
ssdeep: 12288:qQ1i9n7UDGl3YoS0kpQxm3FC3DM7VOrmG1O69p9tbqrCnzh7gUL9SI2j4ie0usE:qGIP3W+TTUVOrmG1NqGh7gULo/e0usX
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Other detection names for Disco Trojan

Click to expand
GridinSoft Trojan.Ransom.Gen
K7AntiVirus Riskware ( 0040eff71 )
Cynet Malicious (score: 100)
ALYac Trojan.GenericKD.37017184
Cylance Unsafe
Sangfor Infostealer.Win32.Disco.gen
CrowdStrike win/malicious_confidence_90% (W)
K7GW Riskware ( 0040eff71 )
Cybereason malicious.b6208d
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan-PSW.Win32.Disco.gen
BitDefender Trojan.GenericKD.37017184
ViRobot Trojan.Win32.Z.Tasker.763904
MicroWorld-eScan Trojan.GenericKD.37017184
Ad-Aware Trojan.GenericKD.37017184
Sophos Generic ML PUA (PUA)
BitDefenderTheta Gen:NN.ZexaF.34722.UuW@aW!bBSpi
Emsisoft Trojan.GenericKD.37017184 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.Tasker.apf
Microsoft Trojan:Win32/Wacatac.B!ml
Arcabit Trojan.Generic.D234D660
AegisLab Trojan.Win32.Cossta.4!c
GData Trojan.GenericKD.37017184
McAfee Artemis!4F5D54DDB9C7
MAX malware (ai score=89)
Panda Trj/GdSda.A
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Disco!tr.pws
AVG Win32:Malware-gen

Is Trojan-PSW.Win32.Disco dangerous?

As I said before, any malware is dangerous. And Trojan-PSW.Win32.Disco is not even close to making more disturbance than real damage. The most deceptive characteristic of this malware is the fact you cannot observe its activity by any means, other than with the use of anti-malware software scanning. And while you don’t have a clue, fraudsters who implemented their malware to your system are starting to count the money. Darknet forums offer numerous opportunities to market malware logs for a hefty sum – especially when these logs are freshly-collected. And it is a bad idea to imagine what will happen to your accounts when other rascals will put their hands on your credentials.

However, things may have way faster flow. In some cases, crooks are delivering their malware precisely to the user they are attempting to steal from. Spyware is invaluable when it comes to collecting credentials, and some examples aim precisely at online banking accounts or crypto wallets. One may say, giving spyware a run is the same as sending all your money to criminals.

How did I get this virus?

It is difficult to trace the origins of malware on your computer. Nowadays, things are mixed, and distribution tactics used by adware 5 years ago can be used by spyware these days. But if we abstract from the exact distribution way and will think of why it works, the answer will be really basic – low level of cybersecurity awareness. Individuals press on promotions on odd sites, open the pop-ups they receive in their browsers, call the “Microsoft tech support” thinking that the strange banner that says about malware is true. It is necessary to recognize what is legit – to stay away from misunderstandings when attempting to identify a virus.

Microsoft tech support scam

The example of Microsoft Tech support scam banner

Nowadays, there are two of the most common tactics of malware spreading – lure e-mails and also injection into a hacked program. While the first one is not so easy to stay away from – you should know a lot to understand a fake – the 2nd one is very easy to handle: just don’t utilize cracked applications. Torrent-trackers and other providers of “free” applications (which are, actually, paid, but with a disabled license checking) are really a giveaway point of malware. And Trojan-PSW.Win32.Disco is simply within them.

How to remove the Trojan-PSW.Win32.Disco from my PC?

Trojan-PSW.Win32.Disco malware is incredibly hard to remove by hand. It places its files in a variety of locations throughout the disk, and can get back itself from one of the elements. Additionally, numerous modifications in the windows registry, networking settings and Group Policies are quite hard to identify and revert to the original. It is far better to utilize a specific tool – exactly, an anti-malware tool. GridinSoft Anti-Malware will definitely fit the most ideal for malware elimination reasons.

Why GridinSoft Anti-Malware? It is pretty lightweight and has its databases updated just about every hour. Additionally, it does not have such problems and exploits as Microsoft Defender does. The combination of these details makes GridinSoft Anti-Malware perfect for taking out malware of any form.

Remove the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Gridinsoft Anti-Malware during the scan process

  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of Disco the default option is “Delete”. Press “Apply” to finish the malware removal.
  • GridinSoft Anti-Malware - Trojan-PSW.Win32.Disco removed
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Portuguese (Brazil)

About the author

Robert Bailey

I'm Robert Bailey, a passionate Security Engineer with a deep fascination for all things related to malware, reverse engineering, and white hat ethical hacking.

As a white hat hacker, I firmly believe in the power of ethical hacking to bolster security measures. By identifying vulnerabilities and providing solutions, I contribute to the proactive defense of digital infrastructures.

Leave a Reply