Malware.AI.3274016749 removal instruction

The Malware.AI.3274016749 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3274016749 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Malware.AI.3274016749?


File Info:
name: 1C33FA0B901535B0EDAD.mlw
path: /opt/CAPEv2/storage/binaries/4659d3444711e5defac86d07cb48832a4903ae5288d2ddb5e6c5b42ae6b089bf
crc32: 95C117D0
md5: 1c33fa0b901535b0edad5b9efade4733
sha1: 6759ede8dc0e40f625b8a4c7bb4e58a22240a803
sha256: 4659d3444711e5defac86d07cb48832a4903ae5288d2ddb5e6c5b42ae6b089bf
sha512: 304f28780c59d6e335583c47b877380b96690855562c9933674989ee685b4697acc89710cdbde9bc1de5b3c43256da8fbe3444f4cfb9cf1facf5a7be4334d59d
ssdeep: 24576:QsZba8vUqftx+y3Nr20kNceLdgXBegQ8nEHwBJUMYV3:jG4UMx+2pjkNce+xegQ8nqwBJUMQ3
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T14B455A19DB9B45D4D17AB5758A228632FF7278404A31B30BC390A12E0EEF5B7DE36721
sha3_384: 2fd724955d3bbbf2026f6f39524b8f54d314974d231087b933ed6bcc98cf2d2ab5820740f1abf4259b26d2cc2e8eb64f
ep_bytes: 475150455243b96000000065498b0145
timestamp: 1992-09-08 12:51:16

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Application Virtualization Client Service
FileVersion: 10.0.17134.1276 (WinBuild.160101.0800)
InternalName: AppVClient.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: AppVClient.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1276
Translation: 0x0409 0x04b0

Malware.AI.3274016749 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.1c33fa0b901535b0
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
CrowdStrike	win/malicious_confidence_90% (D)
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Ulise-9891067-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
TrendMicro	Virus.Win64.EXPIRO.MR
SentinelOne	Static AI – Malicious PE
Sophos	ML/PE-A + W64/Expiro-AX
Ikarus	Virus.Win64.Expiro
GData	Win64.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.akq
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
ALYac	Win64.Expiro.Gen.6
Malwarebytes	Malware.AI.3274016749
APEX	Malicious
MAX	malware (ai score=80)
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
Cybereason	malicious.8dc0e4
MaxSecure	virus.win64.expiro.gen

How to remove Malware.AI.3274016749?

Malware.AI.3274016749 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X