Malware.AI.4244946025 removal guide

The Malware.AI.4244946025 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.4244946025 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.4244946025?


File Info:
name: DBADFDB1B39D40F30813.mlw
path: /opt/CAPEv2/storage/binaries/1e0a744302550f3d283ca4942ba876e7d6ae79670bae951f5950d426b309b4a7
crc32: B4B90FDC
md5: dbadfdb1b39d40f30813e6b447c50c4e
sha1: 2b2b2851c1f3219c61a4e6fe4313e2b1627035d2
sha256: 1e0a744302550f3d283ca4942ba876e7d6ae79670bae951f5950d426b309b4a7
sha512: 352310b359ad8c47d5d20aa51c3080a2af4a78ff957a88df04e67054c3542ea41212dadc5673a4cc20364ad70033cb05dea48c12657043f4ef49b41f424a0447
ssdeep: 24576:MuEmh/Edz+NjO4XXmTPVvO9s2PWlhObcQCFVDmsWtaZjM25rj:F/EYI4HmTPVvOS2OlhVQiVDmjtaZjMA
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T177655976BA9D85B4D077813795A24685F7F2F8535B31CA8B2251D20F2E3FAA0DE34312
sha3_384: 9ab890cfa3c37bf6124f5970ed046a620b613f64d156fd13e1597e79bf83cce2507c4c8553b31955169a81a470810c61
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2053-09-20 05:31:57

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Search Indexer
FileVersion: 7.0.17134.1304 (WinBuild.160101.0800)
InternalName: SearchIndexer.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SearchIndexer.exe
ProductName: Windows® Search
ProductVersion: 7.0.17134.1304
Translation: 0x0409 0x04b0

Malware.AI.4244946025 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.dbadfdb1b39d40f3
ALYac	Win64.Expiro.Gen.6
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Expiro-9891987-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
DrWeb	Win64.Expiro.132
TrendMicro	Virus.Win64.EXPIRO.MR
SentinelOne	Static AI – Suspicious PE
Sophos	ML/PE-A + W64/Expiro-AX
APEX	Malicious
Jiangmin	Trojan.Bingoml.akq
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
MAX	malware (ai score=88)
Malwarebytes	Malware.AI.4244946025
Ikarus	Virus.Win64.Expiro
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_70% (D)
MaxSecure	virus.win64.expiro.gen

How to remove Malware.AI.4244946025?

Malware.AI.4244946025 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X