About “Johnnie.344590” infection

The Johnnie.344590 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Johnnie.344590 virus can do?

Presents an Authenticode digital signature
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Johnnie.344590?


File Info:
name: 4D8DBE3CC31D98E91E1F.mlw
path: /opt/CAPEv2/storage/binaries/ea7d8cff0379eb590c01ce8d18cfaa922267036382107cbaec7bdfbbcf20bf56
crc32: 8EB8B7A0
md5: 4d8dbe3cc31d98e91e1f46a3f9566455
sha1: 4520e70fddaa77e3b47ae2b6404f932674470072
sha256: ea7d8cff0379eb590c01ce8d18cfaa922267036382107cbaec7bdfbbcf20bf56
sha512: 6d794a564f51fa980a5e1d191b5c6d4787276d1f7538756c79152564d93659b14329499df0ec863404964b0c35de825a30bfd52ae48c21472382089c46725bff
ssdeep: 3072:RaDqkraszP5lJwQWQWUq3mWeQ8qYBdYQzHmXsNpSWiOXFgrKzGwLKR8:RaDqknzPzOQ9zFQ8TBdYQz055IwKPC8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14B441631B5808462E6764D3C6CA38A625DBBFD21CFE09DE727483E6D0AF02D0562597F
sha3_384: ed5aa6d7c70f8421977ce3d0b492311a142968137503d2f2d554df495dca810aa94bd8fb802c7a7d358b6b1ff6d99677
ep_bytes: c3c3c3c3c3c3c3c3ffffcccccccccccc
timestamp: 2020-05-13 12:52:48

Version Info:
CompanyName: Avira Operations GmbH & Co. KG
FileDescription: Предоставить права администратора приложению Avira Antivirus
FileVersion: 15.0.2005.1880
InternalName: AdministrativeRightsProvider-ru-ru.exe
LegalCopyright: Copyright © 2020 Avira Operations GmbH & Co. KG and its Licensors
OriginalFilename: AdministrativeRightsProvider-ru-ru.exe
ProductName: Avira Product Family
ProductVersion: 15.0.2005.1880
Translation: 0x0000 0x04b0

Johnnie.344590 also known as:

Lionic	Trojan.Win32.Johnnie.4!c
MicroWorld-eScan	Gen:Variant.Johnnie.344590
FireEye	Gen:Variant.Johnnie.344590
McAfee	Artemis!4D8DBE3CC31D
Cylance	Unsafe
Cybereason	malicious.cc31d9
Cyren	W32/Patched.Y.gen!Eldorado
Avast	FileRepMalware
BitDefender	Gen:Variant.Johnnie.344590
Rising	Junk.FileBroken!1.9A81 (CLASSIC)
Ad-Aware	Gen:Variant.Johnnie.344590
Emsisoft	Gen:Variant.Johnnie.344590 (B)
BitDefenderTheta	AI:Packer.394FD79320
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis
Sophos	Generic PUA EF (PUA)
Paloalto	generic.ml
GData	Gen:Variant.Johnnie.344590
eGambit	PE.Heur.InvalidSig
Avira	W32/Sality.Patched
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Johnnie.344590
MAX	malware (ai score=82)
TrendMicro-HouseCall	TROJ_GEN.R002H09F121
MaxSecure	Trojan.Malware.118736087.susgen
Fortinet	W32/PossibleThreat
AVG	FileRepMalware

How to remove Johnnie.344590?

Johnnie.344590 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X