ML/PE-A + Mal/SpyGate-A removal instruction

The ML/PE-A + Mal/SpyGate-A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Mal/SpyGate-A virus can do?

Executable code extraction
Creates RWX memory
Starts servers listening on 127.0.0.1:0
Reads data out of its own binary image
Steals private information from local Internet browsers
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine ML/PE-A + Mal/SpyGate-A?


File Info:
crc32: F501C0CB
md5: 986486951e3a56d7dd4fe124e8abf385
name: 986486951E3A56D7DD4FE124E8ABF385.mlw
sha1: a661d5970cf5a73c3c347817fecad242ae4e0a5f
sha256: 398638fa30112b56cc7f63584881d433003e474e4cf0bd4c9dee00661dd3deec
sha512: f0ee2ef0f9928e3d9d0db0e56c3daa27978a20c25c81002d9b18c7e11e341fd38f58273aa014ca77d5793bb86cfa287537129a05f4c3dd8900d67c3be0f37c1a
ssdeep: 3072:v9Xwtyq/A1XqBwOEqjB7PU1xQ1vMKVxKIIlQ6:ytyqVBV8H4MS4
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Microsoft Corporation
Assembly Version: 1.4.0.0
InternalName: Stub.exe
FileVersion: 1.4
CompanyName: Microsoft Corporation
ProductVersion: 1.4
FileDescription: Microsoft Corporation
OriginalFilename: Stub.exe

ML/PE-A + Mal/SpyGate-A also known as:

K7AntiVirus	Trojan ( 700000121 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen1.5465
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Bladabindi.G3
ALYac	Trojan.GenericKD.44922685
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 700000121 )
Cybereason	malicious.51e3a5
Cyren	W32/MSIL_Mintluks.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.AT
APEX	Malicious
Avast	MSIL:GenMalicious-BRD [Trj]
ClamAV	Win.Dropper.njRAT-7400469-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.44922685
NANO-Antivirus	Trojan.Win32.TrjGen.dklyhh
MicroWorld-eScan	Trojan.GenericKD.44922685
Tencent	Malware.Win32.Gencirc.10c86a7b
Ad-Aware	Trojan.GenericKD.44922685
Sophos	ML/PE-A + Mal/SpyGate-A
Comodo	Backdoor.MSIL.Bladabindi.FQ@5s6e92
BitDefenderTheta	Gen:NN.ZemsilF.34236.jq1@aqNJ5Pi
VIPRE	Win32.Malware!Drop
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BackDoor-FCLI!986486951E3A
FireEye	Generic.mg.986486951e3a56d7
Emsisoft	Trojan.GenericKD.44922685 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.dwhio
Avira	TR/Dropper.Gen
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.2F8561
Microsoft	TrojanDownloader:MSIL/Genmaldow.AE!bit
Arcabit	Trojan.Generic.D2AD773D
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	MSIL.Trojan-Spy.Keylogger.I
AhnLab-V3	Trojan/Win32.Bladabindi.R85080
McAfee	BackDoor-FCLI!986486951E3A
MAX	malware (ai score=89)
VBA32	Trojan.MSIL.gen.c.5
Panda	Generic Malware
TrendMicro-HouseCall	BKDR_BLADABI.SMC
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Yandex	Trojan.Agent!tkKiZYhXONc
Ikarus	Trojan.MSIL.Janeleiro
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/SpyPSW.AVQ!tr
AVG	MSIL:GenMalicious-BRD [Trj]

How to remove ML/PE-A + Mal/SpyGate-A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

ML/PE-A + Mal/SpyGate-A removal instruction