MSIL/GameTool.EW potentially unsafe malicious file

The MSIL/GameTool.EW potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/GameTool.EW potentially unsafe virus can do?

Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/GameTool.EW potentially unsafe?


File Info:
name: 194DBA4291B4C14F5C47.mlw
path: /opt/CAPEv2/storage/binaries/d6ecfec73b85ae34a171634af61e80a88d386cd62ea03f1e0c937606c6be9082
crc32: 3935B14B
md5: 194dba4291b4c14f5c47de0bb69efff8
sha1: 154161693b4f61fcb91a9dfb0c4e43e53afa2b5d
sha256: d6ecfec73b85ae34a171634af61e80a88d386cd62ea03f1e0c937606c6be9082
sha512: d9ff0b8a1d7950336c15f5810f2530c51c87e3ada1ce20713a86b53aac28e03b40d52251e174fb87a0264c4d97ceff9a4e96e1bb0aa75b125b2a512715940a27
ssdeep: 49152:t7FD6D3UgNCbXbr3zLBy6P5pG9g3zisv3tLi1Z:ZFEzNCLbrX7XzJR2Z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E1B5A093F1428911CC1A0E798963EBB60336AD25BE5A971734C47F1F7EB33C25A216D2
sha3_384: 4502571f473ebeff6da3972e16ef8cb028d17224f4965d66e8285b27989700abecca8c680f789c611ef57aa018c306ad
ep_bytes: ff250020400000000000000000000000
timestamp: 2053-11-21 15:56:03

Version Info:
Translation: 0x0000 0x04b0
Comments: l2sirius Game Updater
CompanyName: l2Sirius
FileDescription: l2sirius Game Client Updater
FileVersion: 2.0.0.0
InternalName: l2sirius Updater.exe
LegalCopyright: l2sirius ©  2023
LegalTrademarks: 
OriginalFilename: l2sirius Updater.exe
ProductName: Client Updater
ProductVersion: 2.0.0.0
Assembly Version: 0.0.0.2

MSIL/GameTool.EW potentially unsafe also known as:

Bkav	W32.Common.2DA16D78
Lionic	Trojan.Win32.GameTool.4!c
FireEye	Trojan.GenericKD.68771580
Skyhigh	Artemis!Trojan
McAfee	Artemis!194DBA4291B4
Cylance	unsafe
Zillya	Trojan.GameTool.Win32.3958
Sangfor	Trojan.Win32.Gametool.V66x
Arcabit	Trojan.Generic.D4195EFC
ESET-NOD32	a variant of MSIL/GameTool.EW potentially unsafe
BitDefender	Trojan.GenericKD.68771580
MicroWorld-eScan	Trojan.GenericKD.68771580
Avast	Win32:Malware-gen
VIPRE	Trojan.GenericKD.68771580
Emsisoft	Trojan.GenericKD.68771580 (B)
Ikarus	PUA.MSIL.Gametool
Varist	W32/ABRisk.TPAQ-0775
Antiy-AVL	RiskWare/MSIL.GameTool
GData	Trojan.GenericKD.68771580
Google	Detected
MAX	malware (ai score=89)
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_GEN.R002H09HN23
MaxSecure	Trojan.Malware.209870759.susgen
Fortinet	Riskware/GameTool
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS

How to remove MSIL/GameTool.EW potentially unsafe?

MSIL/GameTool.EW potentially unsafe removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X