Malware

Should I remove “Malware.AI.4040850662”?

Malware Removal

The Malware.AI.4040850662 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.4040850662 virus can do?

  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities

How to determine Malware.AI.4040850662?



File Info:

name: 4E550D7C7852E8BDA913.mlw
path: /opt/CAPEv2/storage/binaries/a20f5361541d708be613768b03a28e03156174f6bacab4df0214888bd5fa0c39
crc32: A383E939
md5: 4e550d7c7852e8bda913025bfcf20100
sha1: 29e7796116e6ddec830ce979fed7e7abd7d450cc
sha256: a20f5361541d708be613768b03a28e03156174f6bacab4df0214888bd5fa0c39
sha512: 86e445217cf0f4cdd9a1c4644b3ed1302085df53014fc0f7e501ebffb079e9ad435c4a7b84b48dabee04e62ba73d230f9d6289fc1f5dcfde711816a8a4aa3c71
ssdeep: 3072:aKTlsdwAnKWGbkvNCkywkYhQwZsGzHZ5rcLfWI:
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T104B459202518716BE3B2FE71EAF02251CF27FE531A56263D65130B93A522E97CC7463E
sha3_384: cd1be1260f392c0a6fffb0f4b78628fdb1b337f78d8bbc4826110f10fc0cf44e35bc639afdfd5b26953f14d579b452a9
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-03-29 06:07:02


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: x1332y.exe
LegalCopyright:  
OriginalFilename: x1332y.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Malware.AI.4040850662 also known as:

LionicVirus.MSIL.Lamer.n!c
Elasticmalicious (high confidence)
DrWebMSIL.Cola.1
MicroWorld-eScanTrojan.GenericKDZ.94670
ClamAVWin.Packed.Barys-7725442-0
FireEyeGeneric.mg.4e550d7c7852e8bd
CAT-QuickHealW32.Lamer.M3
McAfeeGenericRXAO-XB!4E550D7C7852
Cylanceunsafe
ZillyaTrojan.RibajGen.Win32.1
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 00544e311 )
AlibabaVirus:MSIL/CryptInject.52980506
K7GWTrojan ( 00544e311 )
Cybereasonmalicious.116e6d
BitDefenderThetaGen:NN.ZemsilF.36738.Fm0@aqdOnGo
CyrenW32/MSIL_Ribaj.B.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Ribaj.D
APEXMalicious
CynetMalicious (score: 100)
KasperskyHEUR:Virus.MSIL.Lamer.gen
BitDefenderTrojan.GenericKDZ.94670
NANO-AntivirusTrojan.Win32.Kazy.elhoip
AvastWin32:MalwareX-gen [Trj]
TencentMsil.Virus.Ribaj.Eflw
TACHYONWorm/W32.MSILamer
EmsisoftTrojan.GenericKDZ.94670 (B)
F-SecureTrojan.TR/Dropper.MSIL.Gen
VIPRETrojan.GenericKDZ.94670
TrendMicroVirus.MSIL.RIBAJ.SMW.orig
McAfee-GW-EditionBehavesLike.Win32.Generic.gz
Trapminesuspicious.low.ml.score
SophosMSIL/Ribaj-A
IkarusVirus.MSIL.CryptInject
JiangminVirus.MSIL.Lamer.a
AviraTR/Dropper.MSIL.Gen
Antiy-AVLTrojan/MSIL.Ribaj.a
Kingsoftmalware.kb.c.1000
MicrosoftTrojan:Win32/CoinMiner!pz
XcitiumVirus.MSIL.Ribaj.F@7oybry
ArcabitTrojan.Generic.D171CE
ZoneAlarmHEUR:Virus.MSIL.Lamer.gen
GDataMSIL.Virus.Ribaj.B
GoogleDetected
AhnLab-V3Trojan/Win32.Injector.R260749
VBA32Virus.MSIL.Lamer.1
ALYacTrojan.GenericKDZ.94670
MAXmalware (ai score=100)
MalwarebytesMalware.AI.4040850662
PandaTrj/CI.A
TrendMicro-HouseCallVirus.MSIL.RIBAJ.SMW.orig
RisingTrojan.Ribaj!1.B577 (CLASSIC)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.GenericKDZ.51306
FortinetMSIL/Ribaj.D
AVGWin32:MalwareX-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Malware.AI.4040850662?

Malware.AI.4040850662 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment