How to remove “Malware.AI.1805616349”?

The Malware.AI.1805616349 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1805616349 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.1805616349?


File Info:
name: B196AD545E28D385FB17.mlw
path: /opt/CAPEv2/storage/binaries/d5e50f5d3a8e998b16af4d28baf8e41f0fcb87c4690fc7a7f295f1b76277ba11
crc32: 79A1D8EE
md5: b196ad545e28d385fb1771c17b2787fc
sha1: bfb6889f710e24d8625a967891474682d317d851
sha256: d5e50f5d3a8e998b16af4d28baf8e41f0fcb87c4690fc7a7f295f1b76277ba11
sha512: 7a98d5e49153d493e43a50bce57110f2c9539cf8c6e8935fd0beb751ea16662bf17e04291b66b72734052d75abe241efd48a656a31837eb8125a02d99dbc95de
ssdeep: 12288:nZAPqD2bSwcrQW3ug72D8R2IZKjG56jP2:nZAPqa0egqD8R2AKjGkK
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17B947D78F22534CCD56FAF3834D9F8F49994326033166452ACEF1959C3ACB6A83A85C7
sha3_384: f3facf3a8f53449fdfb4016dd7ae3b1d8899b73eac1daf10e0802b7c50533b97748e0db41b0283297c320b41355c7a79
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2014-01-13 16:45:21

Version Info:
CompanyName: Microsoft Corporation
FileDescription: x86 Performance Counter Host
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName: perfhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: perfhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.3.9600.16384
Translation: 0x0409 0x04b0

Malware.AI.1805616349 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Expiro.Gen.6
FireEye	Generic.mg.b196ad545e28d385
K7AntiVirus	Virus ( 0058dc741 )
K7GW	Virus ( 0058dc741 )
Cybereason	malicious.45e28d
VirIT	Win32.Expiro.CV
Cyren	W32/Expiro.AN.gen!Eldorado
ESET-NOD32	a variant of Win32/Expiro.CP
APEX	Malicious
ClamAV	Win.Virus.Expiro-9930647-0
Kaspersky	Virus.Win32.Expiro.ns
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Emsisoft	Win32.Expiro.Gen.6 (B)
DrWeb	Win32.Expiro.150
VIPRE	Virus.Win32.Expiro.dp (v)
McAfee-GW-Edition	BehavesLike.Win32.Expiro.gc
Sophos	ML/PE-A + Mal/EncPk-MK
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.PSW.Stealer.abj
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.315
Microsoft	Trojan:Win32/Raccoon.EC!MTB
ZoneAlarm	Virus.Win32.Expiro.ns
GData	Win32.Expiro.Gen.6
Cynet	Malicious (score: 100)
VBA32	BScope.Trojan.Wacatac
ALYac	Win32.Expiro.Gen.6
MAX	malware (ai score=87)
Malwarebytes	Malware.AI.1805616349
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AD
Ikarus	Virus.Win32.Expiro
Fortinet	W32/Expiro.NDG
AVG	Win32:Xpirat-C [Inf]
CrowdStrike	win/malicious_confidence_90% (D)

How to remove Malware.AI.1805616349?

Malware.AI.1805616349 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X