How to remove “Heur.Variadic.Prometei.A (B)”?

Heur.Variadic.Prometei.A (B) is a heuristic detection name that several engines report for this sample (see the detection list below); most of the other vendors classify the same file as a coin miner or a dropper. When this infection is active, you may notice unfamiliar processes in Task Manager. Note that the file describes itself as a Microsoft "Host Process for Windows Service" under the name sqhost.exe, which mimics the legitimate svchost.exe, so do not trust the process description alone. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Heur.Variadic.Prometei.A (B) do?

The following sandbox signatures triggered when the sample was analysed (the storage path in File Info below shows a CAPEv2 run):

  • Dynamic (imported) function loading detected: the sample resolves API functions at run time rather than through its import table, so a static import listing understates what it actually calls
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid: the file's digital signature does not verify, even though its version info claims Microsoft Corporation as the publisher (a genuine Microsoft binary would carry a valid signature)
  • Network activity detected but not expressed in API logs: traffic was seen on the wire that could not be tied to any hooked API call

Related domains:

wpad.local-net

A wpad.<suffix> lookup is Windows Web Proxy Auto-Discovery, which many processes trigger on a sandbox network; on its own it is weak evidence of command-and-control, so rely on the file hashes below rather than this domain when hunting.

How to identify Heur.Variadic.Prometei.A (B)?

The hashes below uniquely identify the analysed file; the version info is what the file claims about itself and is not verified.
File Info:

name: 9094BBF52BD2FB2F05A7.mlw
path: /opt/CAPEv2/storage/binaries/b9d464a2fcf5fc37f0a0bb90921f9706ef9c0410a0b6274eeae6c90b931cfaf9
crc32: 7E0E2F20
md5: 9094bbf52bd2fb2f05a79b0adcb02082
sha1: 0e82b53084d77d0110c49b55b3db5f16e387259b
sha256: b9d464a2fcf5fc37f0a0bb90921f9706ef9c0410a0b6274eeae6c90b931cfaf9
sha512: 9c3799166dcd960464ab42d53f54d553fbd41f5eb946673187c0b78c17cc207e1999b81eaf15fa237d4bfabdd615104a8a7686c6aab0c539f2dcec73645d6576
ssdeep: 6144:ZJgUZUpotyuZkmF8qVtocgUtOqEdEb9Hjt:ZJAp0HZyEpgYDEib9Hx
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1DB44F1232CA86F08D5335734B51B6F3902F54B1F2B7A56ACFAFE0BA5A1395005F1318A
sha3_384: eb2dca1b8f8e7eaa65c85df98a78e1a2e3e7239e60d93da22f4907a5d336821b62e0bd05a6f8c3696b52d340c5661885
ep_bytes: 53565755488d35951efcff488dbe0070
timestamp (PE compile time, attacker-controlled): 2021-11-18 17:58:53

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Host Process for Windows Service
FileVersion: 2.0.0.0
InternalName: sqhost.exe
LegalCopyright: Copyright (C) 2016
OriginalFilename: sqhost.exe
ProductName: sqhost.exe
ProductVersion: 2.0.0.0
Translation: 0x0409 0x04b0

The CompanyName and FileDescription values above imitate a Windows system component, but the Authenticode signature on the file is invalid and sqhost.exe is not a Microsoft file name (the real host process is svchost.exe). Treat a running sqhost.exe with these properties as suspect and compare its hashes with the values listed above.
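The hash block above is what a responder matches a suspect file against, and two of the sandbox signatures (unknown section names, UPX) can be reproduced from the PE section table alone. The Python below is an added example, not GridinSoft or CAPE code: it hashes a file, matches it against the four hashes listed on this page, and reads the PE machine type and section names with the standard library only (no pefile). The `build_sample` helper constructs a minimal PE skeleton purely for the demo; it is not the real sample, so its hashes will not match the indicators.

```python
"""Triage helper: match a file against the hashes listed on this page and
inspect its PE section table for packer indicators (UPX0/UPX1 and names
outside the usual compiler set).

Added example, not GridinSoft or CAPE code. Standard library only, so it
runs offline. KNOWN_HASHES are copied from the File Info section; the PE
image returned by build_sample() is constructed for the demo only.
"""
import hashlib
import struct
import zlib

# Indicators copied from the File Info section of this page.
KNOWN_HASHES = {
    "crc32": "7e0e2f20",
    "md5": "9094bbf52bd2fb2f05a79b0adcb02082",
    "sha1": "0e82b53084d77d0110c49b55b3db5f16e387259b",
    "sha256": "b9d464a2fcf5fc37f0a0bb90921f9706ef9c0410a0b6274eeae6c90b931cfaf9",
}

# Section names normally emitted by MSVC/MinGW. Anything else is worth a
# second look; UPX0/UPX1 is the usual sign of a UPX-packed binary.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                   ".idata", ".edata", ".tls", ".bss", ".CRT", ".xdata"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def hash_file_bytes(data: bytes) -> dict:
    """Return crc32/md5/sha1/sha256 of the bytes as lowercase hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_indicators(data: bytes, known: dict = KNOWN_HASHES) -> list:
    """Names of the hash algorithms for which the data matches a known IOC."""
    computed = hash_file_bytes(data)
    return [name for name, value in known.items()
            if computed.get(name) == value.lower()]


def pe_sections(data: bytes) -> dict:
    """Parse just enough of the PE header to get Machine and section names.

    Layout: e_lfanew (offset of 'PE\\0\\0') at 0x3C; the 20-byte COFF header
    follows the signature with Machine at +4, NumberOfSections at +6 and
    SizeOfOptionalHeader at +20 relative to the signature; the section
    table starts after the optional header, 40 bytes per entry, the first
    8 bytes of each being the NUL-padded name.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    machine, nsections = struct.unpack_from("<HH", data, pe_off + 4)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return {"machine": machine, "sections": names}


def packing_indicators(data: bytes) -> dict:
    """Flag UPX and unknown section names, mirroring two of the signatures."""
    info = pe_sections(data)
    names = set(info["sections"])
    return {
        "x86_64": info["machine"] == IMAGE_FILE_MACHINE_AMD64,
        "upx": bool(names & UPX_SECTIONS),
        "unknown_sections": sorted(names - COMMON_SECTIONS - UPX_SECTIONS),
    }


def build_sample(names=(b"UPX0", b"UPX1", b".rsrc")) -> bytes:
    """Constructed minimal x86-64 PE skeleton (demo only, not the real sample)."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(names),
                       0, 0, 0, 0, 0x22)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    sample = build_sample()
    print(hash_file_bytes(sample))
    print(match_indicators(sample))    # empty unless this is the real file
    print(packing_indicators(sample))  # upx flagged, no unknown sections
```

To use it on a real file, read it with `open(path, "rb").read()` and pass the bytes to `match_indicators` and `packing_indicators`; a non-empty match list is a hash hit on the sample documented here, and the section check is a cheap first pass before submitting the file to a sandbox.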

Heur.Variadic.Prometei.A (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Variadic.Prometei.A
Malwarebytes: Trojan.BitCoinMiner
Cybereason: malicious.52bd2f
ESET-NOD32: a variant of Win64/Agent.XF
APEX: Malicious
Avast: Win64:DropperX-gen [Drp]
BitDefender: Gen:Heur.Variadic.Prometei.A
Ad-Aware: Gen:Heur.Variadic.Prometei.A
Sophos: Troj/Miner-AAZ
McAfee-GW-Edition: BehavesLike.Win64.Fake.dc
FireEye: Generic.mg.9094bbf52bd2fb2f
Emsisoft: Gen:Heur.Variadic.Prometei.A (B)
GData: Gen:Heur.Variadic.Prometei.A
eGambit: Unsafe.AI_Score_92%
Avira: HEUR/AGEN.1140127
MAX: malware (ai score=86)
Arcabit: Trojan.Variadic.Prometei.A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.CoinMiner.R413841
ALYac: Gen:Heur.Variadic.Prometei.A
Cylance: Unsafe
Tencent: Malware.Win32.Gencirc.11d8494c
Yandex: Trojan.Agent!Agx7Z4q8cJg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win64:DropperX-gen [Drp]
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Heur.Variadic.Prometei.A (B)?

Heur.Variadic.Prometei.A (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.