Should I remove “Malware.AI.2918636191”?

The Malware.AI.2918636191 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2918636191 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Malware.AI.2918636191?


File Info:
name: 2D31D7B668C29D05B335.mlw
path: /opt/CAPEv2/storage/binaries/cab514d99350d827bfef2cb365c5fe177c131573b1d84e30e02926b9fe3bae55
crc32: 22840AC2
md5: 2d31d7b668c29d05b3352800969f0620
sha1: 4915c2590097a348cd2ab99640c848da32486962
sha256: cab514d99350d827bfef2cb365c5fe177c131573b1d84e30e02926b9fe3bae55
sha512: da024404e620f8655e6f52cbfc124c306e38597b286129a692826ff6d4bb5dc3b730bc3b714682518d045c58f8aa2f63cb627c46d8e6592bf38dd2168a8eadf0
ssdeep: 12288:lUACerzUl4TcVVUq2PbzjXvy9fnB3wHR1TCbCswU3bvZTics9TMnk9R+yE:E1VVSyBnW/2GOzZrSME
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E915FDB1F9E99829F2B3D6335AF47E61872B6B32262E77C930F1134A0D325416D5C0AD
sha3_384: 6ddce76aad8c79c3ebb25879b73ef8ed66aacd9c21d95b68d629bb6374476ed2ff8f0df573b819df33f18114e7e47114
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-13 03:31:04

Version Info:
Translation: 0x0000 0x04b0
Comments: Windows 服务主进程
CompanyName: Microsoft Corporation
FileDescription: svchost.exe
FileVersion: 2.4.4.4758
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: svchost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 2.4.4.4758
Assembly Version: 6.7.3.4418

Malware.AI.2918636191 also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Heur.MSIL.Krypt.!cdmip!.2
FireEye	Generic.mg.2d31d7b668c29d05
McAfee	Artemis!2D31D7B668C2
Cylance	Unsafe
VIPRE	Gen:Heur.MSIL.Krypt.!cdmip!.2
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 00592ee01 )
BitDefender	Gen:Heur.MSIL.Krypt.!cdmip!.2
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Trojan.DIS.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AFDE
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:Trojan.Win32.GenericML.xnet
Rising	Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware	Gen:Heur.MSIL.Krypt.!cdmip!.2
Emsisoft	Gen:Heur.MSIL.Krypt.!cdmip!.2 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.ct
Trapmine	suspicious.low.ml.score
Ikarus	Trojan.MSIL.Crypt
Avira	HEUR/AGEN.1248318
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.MSIL.Krypt.!cdmip!.2
GData	Gen:Heur.MSIL.Krypt.!cdmip!.2
Google	Detected
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.34646.1m0@a4M5Sbn
MAX	malware (ai score=84)
VBA32	CIL.StupidStealth.Heur
Malwarebytes	Malware.AI.2918636191
Tencent	Trojan.Win32.Coinminer.16000500
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Lazy.1756!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.668c29
Avast	Win32:Trojan-gen

How to remove Malware.AI.2918636191?

Malware.AI.2918636191 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X