Malware.AI.3961981900 removal guide

Malware.AI.3961981900 is the Malwarebytes detection name for this sample; most of the engines listed below flag it as well, several of them as the Kuluoz/Androm backdoor or a Zbot downloader. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3961981900 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Creates a copy of itself
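Two of the behaviours above leave traces a responder can check on the host without the sandbox: the proxy-settings change lands in the per-user Internet Settings key, and a self-copied executable usually needs a persistence entry to survive a reboot (the Run key is assumed here; the report only says a copy is made). The script below is an added example, not the page's or GridinSoft's code. It parses the text that `reg query` prints for those two keys and flags the suspicious values; the sample output embedded in it is constructed, not a real capture, and the trusted proxy host and the list of masqueraded system names are assumptions to adapt to your environment.

```python
#!/usr/bin/env python3
"""Added triage check for proxy hijack and Run-key persistence (example code).

Feed it the output of:
  reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
  reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
Here it runs offline against SAMPLE_REG_OUTPUT, a constructed sample.
"""
import re

# Constructed sample in the format `reg query` prints (not a real capture).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
    AutoConfigURL    REG_SZ    http://198.51.100.7/proxy.pac

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    svchost    REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe
"""

# Assumptions to adapt: your organisation's proxy, and names malware borrows.
TRUSTED_PROXY_HOSTS = {"proxy.corp.example"}
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\", "\\programdata\\")

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def parse_reg_query(text: str) -> dict:
    """Map each key path to {value name: (type, data)}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key path lines are unindented
            current = line.strip()
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)          # value lines are indented
            if m:
                keys[current][m.group(1)] = (m.group(2), m.group(3))
    return keys


def proxy_findings(keys: dict) -> list:
    """Flag an enabled proxy that is not ours, and any PAC script at all."""
    path = next((k for k in keys if k.lower().endswith("internet settings")), None)
    if path is None:
        return []
    vals, out = keys[path], []
    if int(vals.get("ProxyEnable", ("REG_DWORD", "0x0"))[1], 16) == 1:
        server = vals.get("ProxyServer", ("REG_SZ", ""))[1]
        # ProxyServer may be "host:port" or "http=host:port;https=host:port"
        host = server.split(";")[0].split("=")[-1].split(":")[0]
        if host not in TRUSTED_PROXY_HOSTS:
            out.append(f"proxy enabled via untrusted server {server!r}")
    if "AutoConfigURL" in vals:
        out.append(f"PAC script configured: {vals['AutoConfigURL'][1]}")
    return out


def run_key_findings(keys: dict) -> list:
    """Flag Run entries in user-writable dirs or masquerading as system binaries."""
    out = []
    for path, vals in keys.items():
        if not path.lower().endswith("\\run"):
            continue
        for name, (_, data) in vals.items():
            low, reasons = data.lower(), []
            if any(d in low for d in SUSPECT_DIRS):
                reasons.append("launches from a user-writable directory")
            m = re.search(r'([^\\/"]+\.exe)', low)
            if m and m.group(1) in SYSTEM_NAMES and "\\system32\\" not in low:
                reasons.append(f"uses the system name {m.group(1)} outside System32")
            if reasons:
                out.append(f"Run entry {name!r} -> {data} ({'; '.join(reasons)})")
    return out


def triage(text: str) -> list:
    keys = parse_reg_query(text)
    return proxy_findings(keys) + run_key_findings(keys)


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG_OUTPUT):
        print("FINDING:", finding)
```

On a real host, pipe the two `reg query` commands into a file and pass its contents to `triage()`; a clean machine produces no findings, while the constructed sample yields three (untrusted proxy, PAC script, and a `svchost.exe` copy in `AppData\Roaming`).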

How to identify Malware.AI.3961981900?

File Info:

name: C4F4B56320633B425410.mlw
path: /opt/CAPEv2/storage/binaries/b72b9e9ced5e1ecbd2160c12a3a949490b2f6f96d224057fd3b5ea90c82bc3a0
crc32: A7559BC6
md5: c4f4b56320633b4254100ed1c91bfbff
sha1: 0b8fe517c2b5982f01f37167770d64520c90dd08
sha256: b72b9e9ced5e1ecbd2160c12a3a949490b2f6f96d224057fd3b5ea90c82bc3a0
sha512: c27f6ab10bdf4928a6207af83de01e58323056a773287eea0c7ae07907973b2bb4162d2a0d6d915d3aa6c5f89794b98f5cf7a0dee6271ebfc2e09f156d9fa6ff
ssdeep: 3072:qEjewHbVgiarKbnubRfwl41JA+2Ks7uTiuTKx:qEjnHb5B69wCA+2KtTNT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EA349D81E6709345F87729721A2D0DB01AAEFD6FDA64120B2974FC08CDB32D36962B57
sha3_384: e423487466838a6c6411fc52c9b642a99c28f03712b70d514e8af0de4ae28cd037eb5697983eb0264fefe39d046aa1d0
ep_bytes: 558bec83ec7856c745f8000000008d45
timestamp: 2014-03-18 14:13:00

Version Info:

Comments: This installation was built with.
Translation: 0x0000 0x04b0
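The quickest way to confirm whether a file on disk is this sample is to recompute the hashes the File Info block lists and compare them. The script below is an added example, not the page's or GridinSoft's code: it recomputes crc32/md5/sha1/sha256/sha512 with the standard library, parses just enough of the PE header to recover the link timestamp and the 16 entry-point bytes, and matches the result against the md5/sha1/sha256/ep_bytes values copied from the block above. The ssdeep, tlsh and sha3_384 fields are skipped because they need third-party libraries. `build_sample_pe()` constructs a dummy, non-runnable PE32 image purely so the parser can be exercised offline; it is not the reported sample.

```python
#!/usr/bin/env python3
"""Added triage helper (example code, not GridinSoft's tooling)."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the report's File Info block.
REPORT_IOCS = {
    "md5": "c4f4b56320633b4254100ed1c91bfbff",
    "sha1": "0b8fe517c2b5982f01f37167770d64520c90dd08",
    "sha256": "b72b9e9ced5e1ecbd2160c12a3a949490b2f6f96d224057fd3b5ea90c82bc3a0",
    "ep_bytes": "558bec83ec7856c745f8000000008d45",
}


def file_hashes(data: bytes) -> dict:
    """The hash fields the report shows, in the same formatting."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ parse: machine, link timestamp, entry-point bytes.

    The entry-point RVA is mapped to a file offset through the section table;
    an RVA outside every section (common in packed samples) is an error here.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsects, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]    # 0x10b PE32, 0x20b PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    ep_off = None
    for i in range(nsects):
        hdr = sections + 40 * i                       # section headers are 40 bytes
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point RVA is not inside any section")
    return {
        "machine": f"0x{machine:x}",
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def match_iocs(hashes: dict, pe: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the IOC fields that match. A hash hit identifies this exact
    sample; an ep_bytes-only hit just means the same compiler/packer prologue."""
    hits = [k for k in ("md5", "sha1", "sha256")
            if k in iocs and hashes[k] == iocs[k].lower()]
    if iocs.get("ep_bytes", "").lower() == pe["ep_bytes"]:
        hits.append("ep_bytes")
    return hits


def build_sample_pe(ep_bytes: bytes, stamp: int) -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise parse_pe();
    it is NOT the sample the report describes."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    text = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, raw_ptr) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(opt) + text
    return headers.ljust(raw_ptr, b"\0") + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    if len(sys.argv) == 2:
        blob = open(sys.argv[1], "rb").read()
    else:                                             # demo on the constructed image
        blob = build_sample_pe(bytes.fromhex(REPORT_IOCS["ep_bytes"]), 1395151980)
    h, pe = file_hashes(blob), parse_pe(blob)
    for k, v in {**h, **pe}.items():
        print(f"{k:>9}: {v}")
    print("IOC hits:", match_iocs(h, pe) or "none")
```

Run it as `python3 triage.py suspect.exe`; a md5/sha1/sha256 hit means you have byte-for-byte this sample, whereas matching `ep_bytes` alone only says the file shares the same function prologue, which many unrelated binaries built with the same toolchain also do.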

Malware.AI.3961981900 is also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Gen:Variant.Ser.Lazy.1166
FireEye: Generic.mg.c4f4b56320633b42
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot-FATG!C4F4B5632063
Malwarebytes: Malware.AI.3961981900
Zillya: Backdoor.Androm.Win32.6838
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Backdoor ( 0040f8401 )
BitDefender: Gen:Variant.Ser.Lazy.1166
K7GW: Backdoor ( 0040f8401 )
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.34682.om0@aeDDezoi
VirIT: Trojan.Win32.Zbot.GIY
Cyren: W32/Trojan.ZGRW-5016
Symantec: Packed.Generic.459
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Zortob.B
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-6830587-0
Kaspersky: Trojan-Downloader.Win32.Dofoil.bvtq
NANO-Antivirus: Trojan.Win32.Androm.cvfvmj
Cynet: Malicious (score: 100)
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Ad-Aware: Gen:Variant.Ser.Lazy.1166
TACHYON: Backdoor/W32.Androm.239104.B
Sophos: ML/PE-A + Troj/Ransom-AGS
Comodo: Backdoor.Win32.Androm.DPEI@58bzy6
DrWeb: BackDoor.Kuluoz.4
VIPRE: Gen:Variant.Ser.Lazy.1166
TrendMicro: BKDR_KULUOZ.SMJ1
McAfee-GW-Edition: PWS-Zbot-FATG!C4F4B5632063
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ser.Lazy.1166 (B)
Ikarus: Trojan-Spy.Agent
Jiangmin: Backdoor/Androm.cjz
Avira: BDS/Androm.bxjd
Microsoft: TrojanDownloader:Win32/Kuluoz.D
SUPERAntiSpyware: Trojan.Agent/Gen-Lockscreen
GData: Gen:Variant.Ser.Lazy.1166
Google: Detected
AhnLab-V3: Win-Trojan/Agent.239104.BK
VBA32: BScope.Trojan-Dropper.8612
ALYac: Gen:Variant.Ser.Lazy.1166
MAX: malware (ai score=87)
Cylance: Unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: BKDR_KULUOZ.SMJ1
Tencent: Malware.Win32.Gencirc.114c3d06
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Lockscreen.LOA!tr
AVG: Win32:Agent-AZTR [Trj]
Cybereason: malicious.320633
Avast: Win32:Agent-AZTR [Trj]

How to remove Malware.AI.3961981900?

Malware.AI.3961981900 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
