Malware.AI.3491273654 removal tips

The Malware.AI.3491273654 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3491273654 virus can do?

Authenticode signature is invalid
CAPE detected the shellcode get eip malware family

How to determine Malware.AI.3491273654?


File Info:
name: 049C4EC3D2CA862C54E7.mlw
path: /opt/CAPEv2/storage/binaries/4b5ca5ed78ffdaef669eb5f54d308e9ce60dfaafeec3ebe8c4b1d9f29bbd8d29
crc32: E9128FA2
md5: 049c4ec3d2ca862c54e7e74291026a84
sha1: 908970dc8690dc389c5580831ad7e00416cadda6
sha256: 4b5ca5ed78ffdaef669eb5f54d308e9ce60dfaafeec3ebe8c4b1d9f29bbd8d29
sha512: 10a7cae9ff7c61a0236646f9d566b7f864efb201ce67ac61287d6fb8dd7c6f98319e297d8717b448ce5493683ff9877ad01150c552d213a3e4cf631f2ae3248c
ssdeep: 12288:JrZyJAGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:Jent/sBlDqgZQd6XKtiMJYiPU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11655232B3DDB8037EBB75E303E78A480A5733164BE65250F67C42E5E2B39401CD68A76
sha3_384: a300f527273ee2d10b6b1c8756f11629f87e87845d36e29085123c0a9b678bfab650436b50fe448e6cd995055b21d2e8
ep_bytes: e816030000e935fdffff558bec81ec28
timestamp: 2006-10-27 06:44:49

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Groove Audit Service
FileVersion: 12.0.4518.1014
InternalName: GrooveAuditService
LegalCopyright: © 2006 Microsoft Corporation.  All rights reserved.
OriginalFilename: GrooveAuditService.exe
ProductName: Groove Audit Service
ProductVersion: 4.2.0.2623
Translation: 0x0000 0x04b0

Malware.AI.3491273654 also known as:

Bkav	W32.AIDetectMalware
Lionic	Virus.Win32.Expiro.n!c
Elastic	malicious (high confidence)
DrWeb	Win32.Expiro.158
MicroWorld-eScan	Win32.Expiro.Gen.7
FireEye	Generic.mg.049c4ec3d2ca862c
CAT-QuickHeal	W32.Expiro.R3
Skyhigh	BehavesLike.Win32.Generic.tt
ALYac	Win32.Expiro.Gen.7
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 005a8b911 )
Alibaba	Virus:Win32/Expiro.93b6a1c4
K7GW	Virus ( 005a8b911 )
Cybereason	malicious.c8690d
Symantec	W32.Xpiro.J!dam
ESET-NOD32	Win32/Expiro.CU
APEX	Malicious
ClamAV	Win.Malware.Expiro-9941636-0
Kaspersky	Virus.Win32.Moiva.a
BitDefender	Win32.Expiro.Gen.7
NANO-Antivirus	Virus.Win32.Virut-Gen.bwpxnc
Avast	Win32:Vitro [Inf]
Tencent	Virus.Win32.VirMoiva.a
Emsisoft	Win32.Expiro.Gen.7 (B)
F-Secure	Malware.W32/Infector.Gen
VIPRE	Win32.Expiro.Gen.7
TrendMicro	Virus.Win32.EXPIRO.JMA
Sophos	W32/Moiva-A
Ikarus	Trojan.Win32
Varist	W32/Expiro.AU.gen!Eldorado
Avira	W32/Infector.Gen
Antiy-AVL	Virus/Win32.Expiro.x
Arcabit	Win32.Expiro.Gen.7
ZoneAlarm	Virus.Win32.Moiva.a
GData	Win32.Expiro.Gen.7
Cynet	Malicious (score: 100)
VBA32	Trojan.Sabsik.TE
MAX	malware (ai score=86)
Malwarebytes	Malware.AI.3491273654
Panda	W32/Moyv.A
Rising	Trojan.Generic@AI.100 (RDML:xI1FnqrrA3FZZ6H82a0Znw)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Expiro.NDP!tr
AVG	Win32:Vitro [Inf]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Malware.AI.3491273654?

Malware.AI.3491273654 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X