MSIL/Kryptik.PAI removal tips

The MSIL/Kryptik.PAI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.PAI virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/Kryptik.PAI?


File Info:
name: 05E84ED31EFE75BDB602.mlw
path: /opt/CAPEv2/storage/binaries/363aeec843ac0a6c454b54cb77a608bbf4788ad41bf1c774b5499bf0130f9a48
crc32: 953E7157
md5: 05e84ed31efe75bdb602fff44918b18b
sha1: 0b0f0dbfad7fb71455dbd8ed587261b94ff9f55d
sha256: 363aeec843ac0a6c454b54cb77a608bbf4788ad41bf1c774b5499bf0130f9a48
sha512: da716625b1ba3fa6cefe9477b33caa720fe9a39e6374bc19a2675f48998fdc172965f70cdce29e7dd6592b0306d23cebefc228eba133af96c7701d5e8fbcc497
ssdeep: 12288:9FTPm1RJGE5wJGE5SLVke1REcJyWaSeS:9FK7JNyJNE1pJ/heS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14FA4BF367106DC05C62D0636982F65C8A7B99B853A53CF1E798F630C9F015DF2A2E9CE
sha3_384: 04c9c3f8d7757ce07d7aab9f40fa0b2d3f06074f72a96404016dfeaee3f997831b066aed4732346839979c0b5aa18f3c
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-10-11 13:22:44

Version Info:
Translation: 0x0000 0x04b0
Comments: i5axm2k50zf
CompanyName: Precision Castparts Corp
FileDescription: Ashampoo Snap Business
FileVersion: 14.3.7.3
InternalName: apollo_x86.exe
LegalCopyright: Copyright © 2018 Precision Castparts Corp
OriginalFilename: apollo_x86.exe
ProductName: Ashampoo Snap Business
ProductVersion: 14.3.7.3
Assembly Version: 0.0.0.0

MSIL/Kryptik.PAI also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Agent.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.05e84ed31efe75bd
Skyhigh	BehavesLike.Win32.Backdoor.gh
McAfee	Artemis!05E84ED31EFE
Malwarebytes	Trojan.PasswordStealer.MSIL.Generic
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00540f7f1 )
Alibaba	Trojan:MSIL/Kryptik.ecd4bb93
K7GW	Trojan ( 00540f7f1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.MSIL.Basic.1.Gen
BitDefenderTheta	Gen:NN.ZemsilF.36680.Dm0@aK6r7ki
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.PAI
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Trojan.MSIL.Basic.1.Gen
MicroWorld-eScan	Trojan.MSIL.Basic.1.Gen
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Agent.Edhl
Emsisoft	Trojan.MSIL.Basic.1.Gen (B)
F-Secure	Heuristic.HEUR/AGEN.1307353
VIPRE	Trojan.MSIL.Basic.1.Gen
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Krypt
Jiangmin	Trojan.Agent.blvr
Avira	HEUR/AGEN.1307353
Antiy-AVL	Trojan/Win32.Agent
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#3ubovkzd1ywqk
Microsoft	VirTool:MSIL/Injector
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Trojan.MSIL.Basic.1.Gen
Google	Detected
AhnLab-V3	Trojan/Win32.MSIL.C2623484
ALYac	Trojan.MSIL.Basic.1.Gen
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:+lAkj9NbqJS8qZCz4WS5BA)
Yandex	Trojan.Agent!19qZhfEwlCU
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.TUU!tr
AVG	Win32:Malware-gen
Cybereason	malicious.fad7fb
DeepInstinct	MALICIOUS

How to remove MSIL/Kryptik.PAI?

MSIL/Kryptik.PAI removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X