MSIL/Kryptik.ADVE removal tips

The MSIL/Kryptik.ADVE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.ADVE virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Kryptik.ADVE?


File Info:
name: 9F5E919BFD932146A59A.mlw
path: /opt/CAPEv2/storage/binaries/4f97e52ca46091f7651cfebc671b00a7c8c1abd92e2b532eb141c0266eecb2f0
crc32: 4CD1F4F0
md5: 9f5e919bfd932146a59a97489d88f798
sha1: e09efcad97d94d2e645bf46ef563e665950e5d15
sha256: 4f97e52ca46091f7651cfebc671b00a7c8c1abd92e2b532eb141c0266eecb2f0
sha512: 57f6137ec3b7596130531f11c5ec51831d77a494e0b1d93b44c3ea967e934cfd4f03bd1b310c435eb88adcd8c289e95c5db66107ebe1ef13c34b8ef94de4e23e
ssdeep: 12288:QrLnczFK2gtUg/EbmcUgn6HKG172oZzdxQ:8nczFGv/EKcj6qG1p6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D0A4010A33EC5B73E47E47FA2975111063B2742B7520E35D5CCAB1EB2A327825A51FA3
sha3_384: 104bf09ddf078a26de17ccbedc6a064e584904c5974c9d1c1f76d8b08191f76a390474cee8b96e607b2b84afcfdf721b
ep_bytes: ff250020400008000000090000000800
timestamp: 2093-07-03 17:41:42

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: Os C
FileDescription: Batalha Naval
FileVersion: 1.0.0.0
InternalName: RuntimeEnvironme.exe
LegalCopyright: Copyright ©  2020
LegalTrademarks: 
OriginalFilename: RuntimeEnvironme.exe
ProductName: BatalhaNaval
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.ADVE also known as:

Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.38323370
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0058c2361 )
Alibaba	Trojan:Win32/Kryptik.ali2000016
K7GW	Trojan ( 0058c2361 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/MSIL_Kryptik.GGY.gen!Eldorado
Symantec	Scr.Malcode!gdn30
ESET-NOD32	a variant of MSIL/Kryptik.ADVE
APEX	Malicious
Avast	Win32:SpywareX-gen [Trj]
Kaspersky	HEUR:Backdoor.MSIL.NanoBot.gen
BitDefender	Trojan.GenericKD.38323370
MicroWorld-eScan	Trojan.GenericKD.38323370
Tencent	Msil.Backdoor.Nanobot.Hwda
Ad-Aware	Trojan.GenericKD.38323370
Emsisoft	Trojan.Crypt (A)
Comodo	Malware@#195zmyv4qdrtk
DrWeb	Trojan.PackedNET.1140
TrendMicro	TROJ_FRS.0NA103LN21
McAfee-GW-Edition	PWS-FCUF!9F5E919BFD93
FireEye	Trojan.GenericKD.38323370
Sophos	Mal/Generic-S + Troj/MSIL-SDM
Ikarus	Trojan.MSIL.Inject
GData	Trojan.GenericKD.38323370
Jiangmin	Backdoor.MSIL.fjid
Webroot	W32.Trojan.Gen
Kingsoft	Win32.Hack.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Packed.vb
Arcabit	Trojan.Generic.D248C4AA
Microsoft	Trojan:MSIL/Tnega.BK!MTB
AhnLab-V3	Trojan/Win.Generic.C4865690
McAfee	PWS-FCUF!9F5E919BFD93
MAX	malware (ai score=100)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Trojan.Tasker
TrendMicro-HouseCall	TROJ_FRS.0NA103LN21
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ADXN!tr
AVG	Win32:SpywareX-gen [Trj]
Paloalto	generic.ml

How to remove MSIL/Kryptik.ADVE?

MSIL/Kryptik.ADVE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X