
Malware.AI.3471363985 removal guide


Malware.AI.3471363985 is the Malwarebytes detection name for a sample that nearly every engine in the list below flags as malicious; most classify it as a trojan downloader (Rodecap, Trojan.Small), and a few as a Blocker-type ransom trojan. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.3471363985 do?

  • Possible expiration-date check: exits shortly after reading the local time
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a slightly modified copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Malware.AI.3471363985?

File Info:

crc32: DA8776D2
md5: d5d4100b7a749762af6db5210e8ee515
name: D5D4100B7A749762AF6DB5210E8EE515.mlw
sha1: daa903b87f88c966895f81098077b8ca73fc5b60
sha256: 9ef89431279a316b18d862c7ee16b4dd6ff4055e5886815e0b908cb1b3b07945
sha512: d0cf779793a1f68e4c550fa3d15a89222736bd59bbe4240b21570d911356015b09ad973c47dd32152f4f9bedbb37adc389161603e42731ffa6b43a0b0978228e
ssdeep: 12288:TXZpRannznY7ixr9xoyFfHetpVaQxZheUhQ:TpUPhxF/IVaQxZheUhQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (the version resource impersonates Microsoft's Message Queuing Trigger Service, MQTGSVC.EXE; these strings are written by whoever builds the file and are not evidence of authenticity):

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: MQTGSVC.EXE
FileVersion: 6.1.7600.16385
CompanyName: Microsoft Corporation
PrivateBuild: MQTGSVC.EXE
LegalTrademarks: © Microsoft Corporation. All rights reserved.
Comments:
ProductName: Microsoft® Windows® Operating System
SpecialBuild: 6.1.7600.16385
ProductVersion: 6.1.7600.16385
FileDescription: Message Queuing Trigger Service
OriginalFilename: MQTGSVC.EXE
Translation: 0x0409 0x04b0
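The PowerShell triage script below is an added example; it is not part of the original guide and not GridinSoft's tooling. It checks a Windows host, read-only, for the indicators on this page: the hashes listed under File Info, a copy of the file masquerading as MQTGSVC.EXE under a user-writable path (the genuine service binary lives in %SystemRoot%\System32 and carries a valid Microsoft signature via the Windows catalog, which Get-AuthenticodeSignature checks on Windows 8 and later), the Run/RunOnce autorun entries, the current user's proxy settings, and DNS cache entries for the two related domains. It assumes Windows PowerShell 5.1 or later on Windows 8/Server 2012 or newer (for Get-FileHash and Get-DnsClientCache); the search roots and function names are illustrative choices.

```powershell
# Added example, not code from the original guide: read-only triage for the
# indicators listed on this page. Run from an elevated PowerShell prompt.

# Hashes copied from the "File Info" section above.
$KnownHashes = @{
    MD5    = 'd5d4100b7a749762af6db5210e8ee515'
    SHA1   = 'daa903b87f88c966895f81098077b8ca73fc5b60'
    SHA256 = '9ef89431279a316b18d862c7ee16b4dd6ff4055e5886815e0b908cb1b3b07945'
}
# Domains copied from the "Related domains" section above.
$KnownDomains = @('z.whorecord.xyz', 'a.tomx.xyz')

function Test-KnownSample {
    # $true when every hash of the file matches the sample on this page.
    param([Parameter(Mandatory)][string]$Path)
    foreach ($alg in $KnownHashes.Keys) {
        $actual = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLower()
        if ($actual -ne $KnownHashes[$alg]) { return $false }
    }
    return $true
}

function Find-FakeMqtgsvc {
    # The version resource claims to be Microsoft's MQTGSVC.EXE. The real one is
    # %SystemRoot%\System32\mqtgsvc.exe with a valid Microsoft signature, so any
    # copy under a user-writable path, or one whose signature does not verify,
    # deserves a look. The search roots are an assumption; extend as needed.
    $roots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:SystemRoot\Temp")
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter 'mqtgsvc.exe' -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = $sig.Status
                    Signer    = $sig.SignerCertificate.Subject
                    KnownHash = Test-KnownSample -Path $_.FullName
                }
            }
    }
}

function Get-AutorunEntries {
    # "Installs itself for autorun at Windows startup": dump the Run/RunOnce
    # values. Review any command that points at a user-writable location.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # drop the provider's PSPath/PSDrive/... properties
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

function Get-ProxySettings {
    # "Attempts to modify proxy settings": show the current user's WinINet proxy.
    # ProxyEnable = 1 with an unexpected ProxyServer or AutoConfigURL is the red flag.
    Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

function Find-RelatedDomainLookups {
    # Any cached resolution of the related domains means something on this host
    # asked for them. Get-DnsClientCache needs Windows 8 / Server 2012 or later.
    if (-not (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue)) { return }
    Get-DnsClientCache | Where-Object { $KnownDomains -contains $_.Entry }
}

Find-FakeMqtgsvc          | Format-Table -AutoSize
Get-AutorunEntries        | Format-Table -AutoSize
Get-ProxySettings         | Format-List
Find-RelatedDomainLookups | Format-Table -AutoSize
```

A hash match against $KnownHashes identifies exactly the sample described on this page; a repacked variant (see "Creates a slightly modified copy of itself" above) will not match, which is why the signature, location and autorun checks are run alongside it. To check one suspicious file directly, call Test-KnownSample -Path 'C:\path\to\file.exe'.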

Malware.AI.3471363985 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0040f0da1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader9.41316
CAT-QuickHeal: Trojan.Small.gen
ALYac: Gen:Trojan.Malware.Cu0@aq9Qdyoi
Cylance: Unsafe
Zillya: Trojan.Rodecap.Win32.1605
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Trojan:Win32/Blocker.52a659a2
K7GW: Trojan ( 0040f0da1 )
Cybereason: malicious.b7a749
Cyren: W32/SmallDl.F.gen!Eldorado
ESET-NOD32: Win32/Rodecap.AY
APEX: Malicious
Avast: Win32:Rodecap-G [Cryp]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Blocker.csgc
BitDefender: Gen:Trojan.Malware.Cu0@aq9Qdyoi
NANO-Antivirus: Trojan.Win32.Small.cjhiqc
MicroWorld-eScan: Gen:Trojan.Malware.Cu0@aq9Qdyoi
Tencent: Malware.Win32.Gencirc.10b234b9
Ad-Aware: Gen:Trojan.Malware.Cu0@aq9Qdyoi
Sophos: ML/PE-A + Mal/Qbot-P
Comodo: TrojWare.Win32.Agent.AWR@4ri3wg
BitDefenderTheta: Gen:NN.ZexaF.34690.Cu0@aq9Qdyoi
VIPRE: Trojan.Win32.Small.bhn (v)
TrendMicro: TROJ_RODECAP.SMO
FireEye: Generic.mg.d5d4100b7a749762
Emsisoft: Gen:Trojan.Malware.Cu0@aq9Qdyoi (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.aolgp
Webroot: W32.Malware.Gen
Avira: TR/Dldr.Small.445112
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Small.BH
ZoneAlarm: HEUR:Worm.Win32.Generic
GData: Gen:Trojan.Malware.Cu0@aq9Qdyoi
TACHYON: Trojan/W32.Blocker.473600
AhnLab-V3: Trojan/Win32.Small.R46937
Acronis: suspicious
McAfee: Downloader-FLS!D5D4100B7A74
MAX: malware (ai score=88)
VBA32: Trojan-Ransom.Blocker
Malwarebytes: Malware.AI.3471363985
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_RODECAP.SMO
Rising: Trojan.Rodecap!1.AEDF (CLOUD)
Yandex: Trojan.GenAsa!E1G9eixJVjo
Ikarus: Trojan-Downloader.Small
Fortinet: W32/Rodecap.BA!tr
AVG: Win32:Rodecap-G [Cryp]
Paloalto: generic.ml

How to remove Malware.AI.3471363985?

Malware.AI.3471363985 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
