Malware.AI.4179224097 removal instruction

The Malware.AI.4179224097 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.4179224097 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Malware.AI.4179224097?


File Info:
name: EFCE8FA6091ACEF4A0A2.mlw
path: /opt/CAPEv2/storage/binaries/ef6061525cb0f0768397780c0dc9dcd47713a2144aa6ec683955f52cf4eb0947
crc32: 6533D7D5
md5: efce8fa6091acef4a0a21e3dedd055d1
sha1: 5a8b3028dbd4f11241e0f91a6489adfbc1ea1e3e
sha256: ef6061525cb0f0768397780c0dc9dcd47713a2144aa6ec683955f52cf4eb0947
sha512: 73ac5f861862e25c6423b2eb41bea2c3a995e5b5f690e40d5a3688f53bc16560ea6d315280a99994fb2fa6db8cf5c8f17ba27ef2fbb3be850c53546fba721b6b
ssdeep: 49152:E7NpBbwVF9wdKkwpVornkocrPJjY14lWIc/QdjbrIJ6FQQLK9I:EOxwdexPt4NQjQ6FrLK+
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1D9A58C3AE2980069D8BBD776C9425B55FB71780E3F3052DB00B0C8897F56EB2D638B59
sha3_384: c569854dfbf30f2442cfcb91df276878dddc058a1834be447a4b10b0257246f5fe131878c332f01121ff6f9f95e86e93
ep_bytes: 90554889e55648ffce57415441554156
timestamp: 2055-05-31 22:53:04

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft® Block Level Backup Engine Service EXE
FileVersion: 10.0.17134.1276 (WinBuild.160101.0800)
InternalName: wbengine.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: wbengine.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1276
Translation: 0x0409 0x04b0

Malware.AI.4179224097 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.108
MicroWorld-eScan	Win64.Expiro.Gen.3
FireEye	Generic.mg.efce8fa6091acef4
ALYac	Win64.Expiro.Gen.3
Cylance	Unsafe
VIPRE	Virus.Win64.Expiro.gen.a (v)
K7AntiVirus	Virus ( 0040f8071 )
K7GW	Virus ( 0040f8071 )
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W64/Expiro.D!gen
Symantec	W64.Xpiro.F
ESET-NOD32	Win64/Expiro.AG
TrendMicro-HouseCall	PE64_EXPIRO.AR
Kaspersky	Virus.Win64.Expiro.g
BitDefender	Win64.Expiro.Gen.3
NANO-Antivirus	Virus.Win64.Expiro.dtfhve
Avast	Win32:Expiro-DD
Tencent	Virus.Win64.Expiro.ad
Ad-Aware	Win64.Expiro.Gen.3
Emsisoft	Win64.Expiro.Gen.3 (B)
Baidu	Win64.Virus.Expiro.r
Zillya	Virus.Expiro.Win64.34
TrendMicro	PE64_EXPIRO.AR
McAfee-GW-Edition	BehavesLike.Win64.Expiro.vc
Sophos	ML/PE-A + W64/Expiro-S
Ikarus	Virus.Win32.Expiro
GData	Win64.Expiro.Gen.3
Avira	W64/Expiro.AF
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Generic.ASVirus.311
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Win64/Expiro2.Gen
Acronis	suspicious
McAfee	W64/Expiro.a
TACHYON	Virus/W64.Expiro.C
Malwarebytes	Malware.AI.4179224097
APEX	Malicious
Rising	Virus.Expiro!1.A140 (CLASSIC)
SentinelOne	Static AI – Malicious PE
Fortinet	W64/Expiro.Q
AVG	Win32:Expiro-DD
Cybereason	malicious.6091ac
Panda	W32/Expiro.gen
MaxSecure	virus.win64.expiro.gen

How to remove Malware.AI.4179224097?

Malware.AI.4179224097 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X