Should I remove “MSIL/GenKryptik.GCAV”?

The MSIL/GenKryptik.GCAV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/GenKryptik.GCAV virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/GenKryptik.GCAV?


File Info:
name: A6A3ECF77A3D0E0B2F7D.mlw
path: /opt/CAPEv2/storage/binaries/1b01ebd8c54832e5f83263a30d9d26a666123600cf8b4c91977aa0f6515a3ea5
crc32: F5E840EB
md5: a6a3ecf77a3d0e0b2f7dd19e4691a19c
sha1: 9cfd00df00e644b7a5b4851127079c562662249f
sha256: 1b01ebd8c54832e5f83263a30d9d26a666123600cf8b4c91977aa0f6515a3ea5
sha512: bd1fb3634cd08ddb77fadbadd9bee7b5160c90aecfd2a41ae3c10e3b126cab0cc4596b10a79571ffc4cca30b4653b2c0e2888d5ac69d9d2f96cc004801cb2de6
ssdeep: 12288:iUvhjbjl2pl3dcr2iNwgwgj+I8/O+utVWfV1TTmJr:9Y8r1GgPj+I8/O+gueJr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D3F4285029AEC118E2F66B7D6BD0A6B1BA6AFF231606532934853247073293CCD7FD35
sha3_384: b869dcba748ecfaf69da0a95a74b216072ed707acb3bf88b3fe17cf315775e694a4095db96a0c6de1d29a29f6ce6376f
ep_bytes: ff250020400000000000000000000000
timestamp: 2057-12-10 13:17:52

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: HenryBooks
FileVersion: 1.0.0.0
InternalName: Zc0s0EX.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Zc0s0EX.exe
ProductName: HenryBooks
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/GenKryptik.GCAV also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Trojan.Olock.1
Alibaba	Trojan:MSIL/Generic.f062239f
Cybereason	malicious.f00e64
Symantec	Scr.Malcode!gdn30
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.GCAV
APEX	Malicious
Paloalto	generic.ml
Kaspersky	VHO:Backdoor.MSIL.NanoBot.gen
BitDefender	Gen:Trojan.Olock.1
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Gen:Trojan.Olock.1
Emsisoft	Gen:Trojan.Olock.1 (B)
VIPRE	Gen:Trojan.Olock.1
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.a6a3ecf77a3d0e0b
Sophos	Troj/MSIL-SSP
SentinelOne	Static AI – Suspicious PE
GData	Gen:Trojan.Olock.1
MAX	malware (ai score=89)
Arcabit	Trojan.Olock.1
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
ALYac	Gen:Trojan.Olock.1
Malwarebytes	MachineLearning/Anomalous.97%
Rising	Trojan.Generic/MSIL@AI.90 (RDM.MSIL:5z40SxhTA/AEUYAovVnvTg)
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.AGTG!tr
BitDefenderTheta	Gen:NN.ZemsilF.34784.Tm0@aqIRc6e
AVG	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_90% (D)

How to remove MSIL/GenKryptik.GCAV?

MSIL/GenKryptik.GCAV removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X