Should I remove “MSIL/Kryptik.AARR”?

MSIL/Kryptik.AARR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Kryptik.AARR virus do?

  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify MSIL/Kryptik.AARR?

File Info:

crc32: BDC978D2
md5: e60478d832cfe8404e3c9ecf7b8e1c59
name: E60478D832CFE8404E3C9ECF7B8E1C59.mlw
sha1: c237870663ad66bdfa8ae46062e23a234039450e
sha256: 33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a
sha512: d793c8cd41d780a9e002627807ed188bb4ef1e59e4db3230c4389ee5f46afbbb173c61425289e537911acc7c98e64dc8a3d913cf8139f427d5f60c3b85bab526
ssdeep: 768:He32534uUPTwUkem046A9u0Fh0y0WA2u+JCBGuDiDkqYtqT2M1T2+6LcM3Qskfv:HVUVkNi9APtrZRF59asCPqJ59LGK
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: All Rights Reserved
Assembly Version: 8.541.775.601
InternalName: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c.exe
FileVersion: 8.541.775.601
CompanyName: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c Inc.
LegalTrademarks: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c
Comments: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c
ProductName: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c
ProductVersion: 8.541.775.601
FileDescription: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c
OriginalFilename: x1017x1017x1046x1045x104fx1015x1015x101bx1013x102ex1046x1018x101ax1047x1016x1046x1048x1026x1047x1027x1018x1047x1049x1013x101ax1035x101cx1017x101ax1050x1017x1046x1028x1046x1016x1033x1018x1016x1017x101ax101ax1047x1044x1033x1017x1044x101c.exe
Translation: 0x0000 0x0514

MSIL/Kryptik.AARR also known as:

K7AntiVirus: Trojan ( 0057bc6b1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.InjectNET.29
ALYac: Trojan.GenericKD.36831820
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
BitDefender: Trojan.GenericKD.36831820
K7GW: Trojan ( 0057bc6b1 )
Cybereason: malicious.663ad6
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.AARR
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.MSIL.Crypt.gen
Alibaba: Trojan:MSIL/Kryptik.f990f41b
MicroWorld-eScan: Trojan.GenericKD.36831820
Tencent: Msil.Trojan.Crypt.Ahnw
Ad-Aware: Trojan.GenericKD.36831820
Sophos: Mal/Generic-S
Comodo: Malware@#i0i3skk27ssv
BitDefenderTheta: Gen:NN.ZemsilF.34688.nn0@aWJqy3li
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TrojanSpy.Win32.AGENTTESLA.USMANE221
McAfee-GW-Edition: BehavesLike.Win32.Generic.tz
FireEye: Generic.mg.e60478d832cfe840
Emsisoft: Trojan.GenericKD.36831820 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Kryptik.elzel
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
AegisLab: Trojan.Multi.Generic.4!c
GData: Trojan.GenericKD.36831820
AhnLab-V3: Trojan/Win.Kryptik.C4448850
McAfee: PWS-FCYM!E60478D832CF
MAX: malware (ai score=80)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Crypt
TrendMicro-HouseCall: TrojanSpy.Win32.AGENTTESLA.USMANE221
Rising: Trojan.Kryptik!8.8 (CLOUD)
Ikarus: Trojan-Downloader.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.AARR!tr
Panda: Trj/GdSda.A

How to remove MSIL/Kryptik.AARR?

MSIL/Kryptik.AARR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
