How to remove “Mal/Palevo-A”?

The Mal/Palevo-A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/Palevo-A virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Mal/Palevo-A?


File Info:
name: 049A863DF85CF294625A.mlw
path: /opt/CAPEv2/storage/binaries/7cf2dc595786740b091e85725b33d50791137c3e808faeca06e303e51bde877d
crc32: 887A2A47
md5: 049a863df85cf294625a6f3cbeda5150
sha1: db6efe2c4222a91c438a692a8b900d906fe3c90f
sha256: 7cf2dc595786740b091e85725b33d50791137c3e808faeca06e303e51bde877d
sha512: 7d9c2dc5ea7d0836005367ac5b95decce394e1f749a810f136dc4296e2e767bf2516fc49ae5885f1298afc98928e07a021499da54f7ac88dc539808ed0a29f87
ssdeep: 12288:lvSbJxPRC+XQSxb6Dc7Rw6iq7VagXSPn1kc/GdmHe:AbJV8kVxb6Y+6q0mnWc+W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D205BF17AD81807AD2A6343005DD72B4E7F8E9B8542E372B67C0E5AE3C35706DF23A56
sha3_384: 518e5cf7be43f146155457d6ac79151f3ddfb4d8701460c55cd2ee80ea79e3b7e8622196c3a2ab5a69bb043faf14df3f
ep_bytes: e84bfdffff6a5868e82e0101e8eb99ff
timestamp: 2010-11-20 09:40:45

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows Calculator
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: CALC
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CALC.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
Translation: 0x0409 0x04b0

Mal/Palevo-A also known as:

Lionic	Trojan.Win32.Generic.4!c
McAfee	Artemis!049A863DF85C
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:Win32/Kryptik.147ab7df
VirIT	Trojan.Win32.Generic.JHI
Cyren	W32/Sasfis.I.gen!Eldorado
Symantec	W32.Pilleuz
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Bflient.Y
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Kazy-1318
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Kazy.rpyqb
Avast	Win32:Morphex [Cryp]
Tencent	Malware.Win32.Gencirc.10bad33b
Sophos	Mal/Palevo-A
Comodo	TrojWare.Win32.VBObfus.LWG@59a8zr
DrWeb	Win32.HLLW.Autoruner1.23941
TrendMicro	WORM_PALEVO.SMXI
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.cc
Ikarus	P2P-Worm.Win32.Palevo
Avira	TR/Patched.Ren.Gen2
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Occamy.C7C
Cynet	Malicious (score: 99)
MAX	malware (ai score=100)
VBA32	BScope.P2P-Worm.Palevo
TrendMicro-HouseCall	WORM_PALEVO.SMXI
Rising	Trojan.Win32.Generic.192E6A0B (C64:YzY0OqsMVCkPSC+LfYHFe+DCZQw)
Fortinet	W32/Generic.AC.2DEFBA!tr
AVG	Win32:Morphex [Cryp]
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Mal/Palevo-A?

Mal/Palevo-A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X