Malware.AI.2354016836 removal tips

The Malware.AI.2354016836 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2354016836 virus can do?

Behavioural detection: Executable code extraction – unpacking
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.2354016836?


File Info:
name: CCAEE4F0E191CC04B8D2.mlw
path: /opt/CAPEv2/storage/binaries/6dbf7a0f4c58d721cd8c98e052000dec191129708bd001cc90101a9587b337b8
crc32: 25250994
md5: ccaee4f0e191cc04b8d2a141fde0cd54
sha1: 8bc09b6bbc9178bec890bc4b7c4cdace593ca15e
sha256: 6dbf7a0f4c58d721cd8c98e052000dec191129708bd001cc90101a9587b337b8
sha512: 5ef95b7db81594e6b3066a6b57e44e55bdb0dfae0254693d0bd5bfcdb8d677903d4b6bf0d3c011648772813ba856d743ba1e8f81f3bae262d78dd7cb8bab86e7
ssdeep: 6144:AjPL64wcnS75w7lCKOMdIBbbwb3nliywTG+bTRGKE9nKKWzsjztNNvqM2kJE:g7wcnlR9dI1bwzBA1tUKrczt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C2945B78D3252CCCC53FAE3838D9F5C49954E770323E9452DCEB6859C2ACBBA43A8546
sha3_384: b07a38a343452feac1bc8bf9805812addab0ef46456ed572e1f3a656391f85fb3863f69d44486b9a4d97f5287017fec2
ep_bytes: 525053ba18000000648b0203c201d08b
timestamp: 2009-09-06 12:45:27

Version Info:
CompanyName: Microsoft Corporation
FileDescription: COM Surrogate
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: dllhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: dllhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Malware.AI.2354016836 also known as:

Bkav	W32.Expiro2NHc.PE
MicroWorld-eScan	Win32.Expiro.Gen.6
ClamAV	Win.Virus.Expiro-9905249-0
FireEye	Generic.mg.ccaee4f0e191cc04
ALYac	Win32.Expiro.Gen.6
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 00580a951 )
K7GW	Virus ( 00580a951 )
CrowdStrike	win/malicious_confidence_100% (D)
VirIT	Win32.Expiro.CU
Cyren	W32/Expiro.AH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Expiro.NDJ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Virus.Win32.Expiro.gen
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Tencent	Trojan.Win32.Expiro.za
Ad-Aware	Win32.Expiro.Gen.6
Emsisoft	Win32.Expiro.Gen.6 (B)
DrWeb	Win32.Expiro.153
VIPRE	Win32.Expiro.Gen.6
McAfee-GW-Edition	BehavesLike.Win32.Virut.gc
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + W32/Expiro-AV
Ikarus	Virus.Win32.Expiro
GData	Win32.Expiro.Gen.6
Avira	W32/Infector.Gen8
Antiy-AVL	Trojan/Generic.ASVirus.30E
Arcabit	Win32.Expiro.Gen.6
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Malware/Win.Generic.R426283
McAfee	W32/Expiro.gen.rd
MAX	malware (ai score=85)
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Malware.AI.2354016836
SentinelOne	Static AI – Malicious PE
MaxSecure	virus.win64.expiro.gen
Fortinet	W32/Xpirat.C
BitDefenderTheta	AI:Packer.C00A29E71E
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.0e191c

How to remove Malware.AI.2354016836?

Malware.AI.2354016836 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X