How to remove “Malware.AI.3217865479”?

The Malware.AI.3217865479 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3217865479 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Reads data out of its own binary image
Authenticode signature is invalid

How to determine Malware.AI.3217865479?


File Info:
name: 995877A3C18450F5FE93.mlw
path: /opt/CAPEv2/storage/binaries/d9c7d3392c1ee1b924601977d119173f417aa4a126f4900fe51f447688597176
crc32: 9524FD97
md5: 995877a3c18450f5fe931997f9cf094b
sha1: 29648f4dd51170ef06e01314ef79b5885281df6d
sha256: d9c7d3392c1ee1b924601977d119173f417aa4a126f4900fe51f447688597176
sha512: 44b9f9844fe9920ba59c09f06512f3119fd77044d3ceff58cc7a883c1cb19e4eed7a4a3be6d8816da0e63225f9dfd56a7c4e4d31872174f4961446d97fb32d61
ssdeep: 6144:NQV9aeyJha0WWHLBcVAhql5AOOZWgv2maZ:qVIhN7rBcVAC5dgvk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F848F927561C5B3E25137B5C8A8FB314959A4213F33C6CBAF5436AEC9B12C019336FA
sha3_384: c1baf7eec8844bb59ae0db8ac4496b67693245dd01049381f19552767a9d85dae615048d1699f43c97b408d354b1fa42
ep_bytes: e83a920000e989feffffff35040d4400
timestamp: 2015-04-06 19:46:26

Version Info:
CompanyName: InstallationSafe
FileDescription: Setup Installer
FileVersion: 1.0.0.1
InternalName: setup.exe
LegalCopyright: Copyright (C) 2015
OriginalFilename: setup.exe
ProductName: Setup Installer
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Malware.AI.3217865479 also known as:

Lionic	Riskware.Win32.AddGazelle.1!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Application.Bundler.AddGazelle.A
FireEye	Application.Bundler.AddGazelle.A
CAT-QuickHeal	Trojan.IGENERIC
ALYac	Application.Bundler.AddGazelle.A
Cylance	Unsafe
Zillya	Tool.Bundler.Win32.5222
K7AntiVirus	Adware ( 004bcfd51 )
K7GW	Adware ( 004bcfd51 )
Cybereason	malicious.3c1845
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/AdGazelle.F potentially unwanted
APEX	Malicious
BitDefender	Application.Bundler.AddGazelle.A
NANO-Antivirus	Riskware.Win32.Adw.dtfots
SUPERAntiSpyware	PUP.Bundler/Variant
Avast	Win32:Malware-gen
Ad-Aware	Application.Bundler.AddGazelle.A
Emsisoft	Application.Bundler.AddGazelle.A (B)
Comodo	Application.Win32.AdGazelle.FD@5pkjs7
DrWeb	Adware.Downware.12512
VIPRE	Trojan.Win32.Generic.pak!cobra
TrendMicro	TROJ_GEN.R002C0PL321
McAfee-GW-Edition	PUP-XAL-NT
Sophos	Generic PUA CJ (PUA)
Ikarus	PUA.AdGazelle
GData	Application.Bundler.AddGazelle.A
Avira	ADWARE/AdGazelle.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.151501C
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	PUP/Win32.Generic.R142591
McAfee	PUP-XAL-NT
MAX	malware (ai score=77)
VBA32	Adware.Downware
Malwarebytes	Malware.AI.3217865479
TrendMicro-HouseCall	TROJ_GEN.R002C0PL321
Rising	Trojan.Generic@ML.100 (RDML:vpkO12w1QZ7srOCLpP4dYA)
Yandex	Riskware.Agent!nw465m0T76o
eGambit	Unsafe.AI_Score_96%
Fortinet	Riskware/AdGazelle
BitDefenderTheta	Gen:NN.ZexaF.34084.xu0@aeyJkOgi
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Malware.AI.3217865479?

Malware.AI.3217865479 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X