
How to remove “Malware.AI.2666745678”?


Malware.AI.2666745678 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2666745678 virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Malware.AI.2666745678?


File Info:

name: 7D4710726FD306D6B898.mlw
path: /opt/CAPEv2/storage/binaries/873d5cd7eca50676619cf0f237b8648b4bd0cb94711b249d55df41e99e93cfbc
crc32: D6910E26
md5: 7d4710726fd306d6b898c660014b4e7e
sha1: f2606e63ed60082faf230eca0fed0315bde39ba5
sha256: 873d5cd7eca50676619cf0f237b8648b4bd0cb94711b249d55df41e99e93cfbc
sha512: 9b8477bb64705f34d58e2126b93c092a05680cb45259fa18af0941260709c2cc136f79ae31e7c029908d980717afd15f4128f44f5acc4988bffa9c8e6d00451e
ssdeep: 6144:JqrlJIpbPGur8FR+9AeukyEuenBsETYFBWcSAsVb0jGPt7Rk8BAK5QCm/3lTRk:elJoLr8HKRuenGETHbsGv55LsO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C3C47D7C9A5510CDC05EAFF837CC75B8C78A2EE4636B60ED78EBB808E674F154298446
sha3_384: 1ddc8df78142f4029e6e9ff15c5031eb9f8b7c7ccbb203281f20d5d27949130f16e85088e4b213c11a0c5b9e0371fb4f
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2021-10-08 07:53:40

Version Info:

CompanyName: Zhuhai Kingsoft Office Software Co.,Ltd
FileDescription:
FileVersion: 11,2,0,10382
InternalName: wpsupdate_xa
LegalCopyright: Copyright©2021 Kingsoft Corporation. All rights reserved.
OriginalFilename: wpsupdate_xa.exe
ProductName: WPS Office
ProductVersion: 11,2,0,10382
MIMEType:
Translation: 0x0000 0x04b0

Malware.AI.2666745678 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.6
FireEye: Generic.mg.7d4710726fd306d6
ALYac: Win32.Expiro.Gen.6
Cylance: Unsafe
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDG
APEX: Malicious
BitDefender: Win32.Expiro.Gen.6
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Xpirat-C [Inf]
Ad-Aware: Win32.Expiro.Gen.6
Emsisoft: Win32.Expiro.Gen.6 (B)
VIPRE: Virus.Win32.Expiro.dp (v)
Sophos: ML/PE-A + Mal/EncPk-MK
GData: Win32.Expiro.Gen.6
Avira: W32/Infector.Gen8
MAX: malware (ai score=89)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.2666745678
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Expiro.NDG
AVG: Win32:Xpirat-C [Inf]
Cybereason: malicious.26fd30

How to remove Malware.AI.2666745678?

Malware.AI.2666745678 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
