Malware

How to remove “Malware.AI.3288043862”?

Malware Removal

The Malware.AI.3288043862 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.3288043862 virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • A process created a hidden window
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Creates a copy of itself
  • Attempts to create or modify system certificates

Related domains:

whatismyipaddress.com

How to determine Malware.AI.3288043862?



File Info:

crc32: 492717D5
md5: 3b0560b6e6ecd2916efc8b87a0cf91e3
name: 3B0560B6E6ECD2916EFC8B87A0CF91E3.mlw
sha1: 3b0a72fe3d52fc4f73e992e8f403d64eb9fd2e0f
sha256: ce4f78f4a6adf3c23d737869bb3532384e40e6adb90c1e1e28435d140830e3fe
sha512: b31edc3d826fc28ef95aaf30aedb5381b3e9431538cfbe79a47d435cda6d432ad53c338ab0b7f07517f6c59b91c03dc658e3889fa2c3e625e76630c2d112b9ff
ssdeep: 12288:11+OZmTDZHvDELHcDSGERA0wZEMGQ0CBj4R/hapxuNk:10OZmTJYHc1Ccp45hayNk
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:  
Assembly Version: 0.0.0.0
InternalName: scrtQgSz.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:  
OriginalFilename: scrtQgSz.exe

Malware.AI.3288043862 also known as:

K7AntiVirusTrojan ( 00510c561 )
LionicTrojan.Win32.Generic.i!c
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Stealer.13025
CynetMalicious (score: 100)
ALYacGen:Variant.Ransom.Generic.3
CylanceUnsafe
SangforSuspicious.Win32.Save.a
CrowdStrikewin/malicious_confidence_90% (D)
AlibabaTrojanPSW:Win32/Kryptik.c2b1a16b
K7GWTrojan ( 00510c561 )
Cybereasonmalicious.6e6ecd
ESET-NOD32a variant of MSIL/Kryptik.JPZ
APEXMalicious
AvastWin32:DangerousSig [Trj]
KasperskyHEUR:Trojan-PSW.Win32.Generic
BitDefenderGen:Variant.Ransom.Generic.3
NANO-AntivirusTrojan.Win32.Crypt.eqhtpo
MicroWorld-eScanGen:Variant.Ransom.Generic.3
TencentMsil.Trojan.Crypt.Ljaj
Ad-AwareGen:Variant.Ransom.Generic.3
SophosML/PE-A + Troj/dnDrop-G
ComodoTrojWare.MSIL.Kryptik.JQZ@7dbx3x
BitDefenderThetaGen:NN.ZemsilF.34126.Km1@a0OpyVg
VIPRETrojan.Win32.Generic.pak!cobra
TrendMicroTSPY_GOLROTED.AUSSOA
McAfee-GW-EditionTrojan-FNEU!3B0560B6E6EC
FireEyeGeneric.mg.3b0560b6e6ecd291
EmsisoftGen:Variant.Ransom.Generic.3 (B)
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1109442
eGambitUnsafe.AI_Score_99%
Antiy-AVLTrojan/Generic.ASMalwS.20E30EB
MicrosoftPUA:Win32/InstallCore
GDataGen:Variant.Ransom.Generic.3
AhnLab-V3Win-Trojan/MSILKrypt.Exp
McAfeeTrojan-FNEU!3B0560B6E6EC
MAXmalware (ai score=100)
MalwarebytesMalware.AI.3288043862
PandaTrj/GdSda.A
TrendMicro-HouseCallTSPY_GOLROTED.AUSSOA
YandexTrojan.Crypt!acNuAhuoocs
IkarusTrojan-Spy.MSIL.Golroted
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Generic.AP.FDE1C!tr
AVGWin32:DangerousSig [Trj]
Paloaltogeneric.ml

How to remove Malware.AI.3288043862?

Malware.AI.3288043862 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment