Heur.MSIL.Abuja.2 (B) removal instruction

Heur.MSIL.Abuja.2 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Heur.MSIL.Abuja.2 (B) virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • A process created a hidden window
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

Related domains:

ocsp.verisign.com
evcs-ocsp.ws.symantec.com

How to identify Heur.MSIL.Abuja.2 (B)?

File Info:

crc32: EAEDA307
md5: 0d41842832e9c03c70727e9ffb2a5770
name: 0D41842832E9C03C70727E9FFB2A5770.mlw
sha1: 5806042201866b2cf5ee28810d73e60308e3567d
sha256: de01f8656150bf82da3fd183e012c5a0023fe5f750d7a12e8767de06d9cf6fa8
sha512: 287992be657f0ed191a058763cbd0186d26ccc444d77450399956451d93ba7a88b267e98e7ea37d1853b5c102cda3f9f285fc239561af59637477417d361dfa0
ssdeep: 1536:m47yv48dnSBsmsQcWWA0O4PafMj/2tPf/wWxw4/HfDx1VYbmLwYT2U:j7k47sicDt7PZ+tYWxj/HfDHVgm8YTD
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright (c) Nitro. All rights reserved.
InternalName: setup
FileVersion: 9.5.3.8
CompanyName: Nitro
ProductName: Nitro Pro 9
ProductVersion: 9.5.3.8
FileDescription: Nitro Pro 9
OriginalFilename: nitro_pro9.exe
Translation: 0x0409 0x04e4

Heur.MSIL.Abuja.2 (B) also known as:

K7AntiVirus: Riskware ( 0040eff71 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen1.44868
Cynet: Malicious (score: 100)
ALYac: Gen:Heur.MSIL.Abuja.2
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: VirTool:MSIL/Injector.072a0bb8
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.832e9c
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.NBJ
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Dropper.Fareit-9857196-1
Kaspersky: HEUR:Trojan-Dropper.Win32.Generic
BitDefender: Gen:Heur.MSIL.Abuja.2
NANO-Antivirus: Trojan.Win32.TrjGen.dzftni
MicroWorld-eScan: Gen:Heur.MSIL.Abuja.2
Tencent: Win32.Trojan.Falsesign.Gll
Ad-Aware: Gen:Heur.MSIL.Abuja.2
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1114859
BitDefenderTheta: Gen:NN.ZemsilF.34686.km1@a8o4zoci
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: GenericRXER-GI!0D41842832E9
FireEye: Generic.mg.0d41842832e9c03c
Emsisoft: Gen:Heur.MSIL.Abuja.2 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1114859
eGambit: Unsafe.AI_Score_71%
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: VirTool:MSIL/Injector.II!bit
Arcabit: Trojan.MSIL.Abuja.2
GData: Gen:Heur.MSIL.Abuja.2
AhnLab-V3: Trojan/Win.Generic.C4443799
McAfee: GenericRXER-GI!0D41842832E9
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R02DC0DDT21
Rising: Trojan.Generic!8.C3 (CLOUD)
Ikarus: Trojan.MSIL.Injector
Fortinet: MSIL/Kryptik.EPT!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Heur.MSIL.Abuja.2 (B)?

Heur.MSIL.Abuja.2 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.