Malware.AI.990010947 removal guide

Malware.AI.990010947 is the name Malwarebytes' machine-learning engine gives this sample (see the vendor list below). The large majority of engines flag the file as malicious, and most of those that name a family call it Zbot/Zeus, a password-stealing banking trojan. When the infection is active you may notice unfamiliar processes in Task Manager; note that the file describes itself as Quick Heal's asmain.exe in its version information, so that name alone is not proof of a legitimate process. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and clean-up of your PC.
6-day free trial available.

What can the Malware.AI.990010947 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

These are CAPE sandbox signatures rather than a description of the payload, and they fit together. The file is a UPX-packed executable: the ep_bytes in the File Info below begin with 60 be ... 8d be ... 57, the pushad / mov esi / lea edi / push edi prologue of the 32-bit UPX unpacking stub, which is consistent with code being unpacked at run time into newly allocated RWX memory and imports being resolved dynamically. Its Authenticode signature does not verify, so the Quick Heal branding in the version information cannot be relied on. The registry check for disk drives is a common way for malware to detect a virtual machine before running its real payload. Packing and an invalid signature are not malicious on their own; the vendor list below, where most named detections point to Zbot/Zeus, is what identifies the family.

How to identify Malware.AI.990010947?

File Info:

name: EB915442A795276C6EA6.mlw
path: /opt/CAPEv2/storage/binaries/88022e915875c2c1a7887d636b38fdc272314b5c4a26ba1a433a08b73ce513ff
crc32: 6563229B
md5: eb915442a795276c6ea66594675635f5
sha1: bafea4c1615d44eff42b8548513518e301fd8816
sha256: 88022e915875c2c1a7887d636b38fdc272314b5c4a26ba1a433a08b73ce513ff
sha512: 0cf34012a22257d8a3a00176faa37986160c8a64a308c74dd8dd035beedf7efc04f36ed6ad75e46634b25470cb0e46ed59474fe8f9ab6ceae96ffff9e59c9615
ssdeep: 3072:6JqeNmQ2T5UVGdIuNOQgL898ASOeQkp4oi2mC5Yq7Lt/cUbyxQLgtNYiL6Qoutal:reIQwOGdI639SY2mK0IyxQLMNbL6QoSM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC141256E6A8C304E2F3513E16FFF7489824D0E9DE7B5C7BEF0429386C61229A647319
sha3_384: 022120200a795df22d79f0e284a82145eeafdf289ee1e6b9129fdb5d65d5e0d903cc844b5513b04e0a7f268b420ed2a8
ep_bytes: 60be003042008dbe00e0fdff5789e58d
timestamp: 2011-06-13 00:30:39
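The following script is an added example (not GridinSoft's or CAPE's code) showing how a practitioner would check a suspicious file against the indicators above: it hashes the file, walks the PE section table with the standard library only, reads the bytes at the entry point and compares them with the ep_bytes field, and applies the static checks behind the UPX, unknown-section-name and RWX signatures in the behaviour list. Because the real sample cannot be shipped with the page, `build_sample()` constructs a stand-in PE with a UPX-style layout and the page's ep_bytes at the entry point; its hashes therefore will not match the File Info values, which is itself the lesson: file hashes break with any repack, while the packer stub and section layout survive.

```python
"""Static PE triage for the indicators on this page (added example; standard library only)."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info fields above.
PAGE_IOCS = {
    "md5": "eb915442a795276c6ea66594675635f5",
    "sha256": "88022e915875c2c1a7887d636b38fdc272314b5c4a26ba1a433a08b73ce513ff",
    "ep_bytes": "60be003042008dbe00e0fdff5789e58d",
}
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".rdata", b".data", b".rsrc", b".reloc",
                   b".idata", b".edata", b".tls", b".bss", b".pdata", b".CRT"}
KNOWN_SECTIONS = COMMON_SECTIONS | UPX_SECTIONS
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / _WRITE


def parse_pe(data):
    """Return the COFF timestamp, entry-point RVA and section table of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine(skip), NumberOfSections, TimeDateStamp, 8 bytes skipped, SizeOfOptionalHeader
    nsections, timestamp, opt_size = struct.unpack_from("<xxHI8xH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40                          # 40-byte IMAGE_SECTION_HEADER
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]     # Characteristics
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset; None if it falls in a section without raw data (e.g. UPX0)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["vaddr"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def looks_like_upx_stub(ep):
    """pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi: the 32-bit UPX unpacker prologue."""
    return (len(ep) >= 13 and ep[0] == 0x60 and ep[1] == 0xBE
            and ep[6:8] == b"\x8d\xbe" and ep[12] == 0x57)


def triage(data, iocs=PAGE_IOCS):
    """Compare a file with the page's indicators and apply the static packing checks."""
    pe = parse_pe(data)
    off = rva_to_offset(pe["sections"], pe["entry_rva"])
    ep = data[off:off + 16] if off is not None else b""
    names = [s["name"] for s in pe["sections"]]
    return {
        "md5_match": hashlib.md5(data).hexdigest() == iocs["md5"],
        "sha256_match": hashlib.sha256(data).hexdigest() == iocs["sha256"],
        "ep_bytes": ep.hex(),
        "ep_bytes_match": ep.hex() == iocs["ep_bytes"],
        "upx_stub": looks_like_upx_stub(ep),
        "upx_sections": [n for n in names if n in UPX_SECTIONS],
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "rwx_sections": [s["name"] for s in pe["sections"]
                         if s["chars"] & SCN_EXECUTE and s["chars"] & SCN_WRITE],
        "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc)
                             .strftime("%Y-%m-%d %H:%M:%S"),
    }


def build_sample():
    """Constructed stand-in (not the real binary): UPX0/UPX1/.rsrc layout, the page's
    compile timestamp, and the page's ep_bytes at the entry point. Only header fields
    this parser reads are populated."""
    entry_rva, hdr_end = 0x21000, 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1307925039, 0, 0, 224, 0x102)   # i386, 3 sections
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")

    def sec(name, vaddr, vsize, rawptr, rawsize, chars):
        return (struct.pack("<8sIIII", name, vsize, vaddr, rawsize, rawptr)
                + b"\0" * 12 + struct.pack("<I", chars))

    hdrs = (sec(b"UPX0", 0x1000, 0x20000, 0, 0, 0xE0000080)                  # RWX, no raw data
            + sec(b"UPX1", entry_rva, 0x2000, hdr_end, 0x200, 0xE0000040)     # RWX, holds the stub
            + sec(b".rsrc", 0x23000, 0x200, hdr_end + 0x200, 0x200, 0xC0000040))
    upx1 = bytes.fromhex(PAGE_IOCS["ep_bytes"]).ljust(0x200, b"\0")
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(hdr_end, b"\0") + upx1 + b"\0" * 0x200


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to a quarantined copy to compare against the page's hashes and ep_bytes; without arguments it triages the constructed stand-in, reporting a UPX stub, UPX sections and RWX sections but no hash match.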

Version Info:

CompanyName: Quick Heal Technologies (P) Ltd.
FileDescription: Quick Heal AntiMalware
FileVersion: 6.0.0.1
InternalName: asmain.exe
LegalCopyright: © Quick Heal Technologies (P) Ltd. All rights reserved.
OriginalFilename: asmain.exe
ProductName: Quick Heal AntiVirus
ProductVersion: 13.00
Translation: 0x0409 0x04e4

These fields are self-declared by whoever built the file and here impersonate Quick Heal. FileVersion (6.0.0.1) and ProductVersion (13.00) do not agree with each other, and the Authenticode signature does not verify (see the behaviour list above), so this resource is not evidence that the file came from Quick Heal Technologies.

Malware.AI.990010947 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.547
MicroWorld-eScan: Gen:Variant.Zusy.641
FireEye: Generic.mg.eb915442a795276c
CAT-QuickHeal: TrojanPWS.Zbot.Y
ALYac: Gen:Variant.Zusy.641
Cylance: Unsafe
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Password-Stealer ( 003c6e581 )
Alibaba: TrojanSpy:Win32/Cryptor.faf72868
K7GW: Password-Stealer ( 003c6e581 )
Cybereason: malicious.2a7952
BitDefenderTheta: Gen:NN.ZexaF.34182.mm1@aSltM0fi
VirIT: Trojan.Win32.Generic.BJPO
Cyren: W32/Zbot.DD.gen!Eldorado
Symantec: Packed.Generic.350
ESET-NOD32: Win32/Spy.Zbot.YW
TrendMicro-HouseCall: TROJ_FRS.0NA103BL20
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.641
NANO-Antivirus: Trojan.Win32.Panda.cxaflo
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Tencent: Malware.Win32.Gencirc.10ba4d94
Emsisoft: Gen:Variant.Zusy.641 (B)
Comodo: TrojWare.Win32.Kryptik.ZSAA@4mdv0b
VIPRE: Trojan.Win32.Reveto.D (v)
TrendMicro: TROJ_FRS.0NA103BL20
McAfee-GW-Edition: PWS-Zbot.gen.rc
Sophos: Mal/Generic-R + Mal/Zbot-EZ
Jiangmin: Trojan/Menti.qtz
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.48E501
Gridinsoft: Ransom.Win32.Zbot.sa
Microsoft: PWS:Win32/Zbot
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.641
AhnLab-V3: Trojan/Win32.Menti.R20280
McAfee: Artemis!EB915442A795
MAX: malware (ai score=98)
VBA32: Malware-Cryptor.ImgChk
Malwarebytes: Malware.AI.990010947
APEX: Malicious
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: TrojanSpy.Zbot!gqo3q08+8jI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Kryptik.ABC!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.990010947?

Malware.AI.990010947 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

If you keep a copy of the quarantined file for analysis, compare its SHA-256 with the value in the File Info section above to confirm it is the same sample; a different hash with the same Quick Heal version information most likely means a repacked variant.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.