MSIL/Kryptik.UWO removal instruction

The MSIL/Kryptik.UWO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Kryptik.UWO virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process attempted to delay the analysis task.
The binary likely contains encrypted or compressed data.
Looks up the external IP address
Executed a process and injected code into it, probably while unpacking
Exhibits behavior characteristic of iSpy Keylogger
Checks the CPU name from registry, possibly for anti-virtualization

Related domains:

z.whorecord.xyz

a.tomx.xyz

bot.whatismyipaddress.com

How to determine MSIL/Kryptik.UWO?


File Info:
crc32: 6632FE28
md5: df16a99b34fc3624d0be6f13202c29e3
name: chi.exe
sha1: f6d749f3e1937efa42f1edd0d85e9adbd98649ea
sha256: 104bb4cfe6c1b9614ee6fe3e83de994cbc691e8518655edcee8f9ab0b3171f6d
sha512: 8755d1af06b1ce0b5a8ab81924fab614859ccebed2b3c3bb641880aeed5a7e686de55c24e7dce1d0e3e9d3d451deeb99ecd568a0c04127bdae2393fcd4b5c4b6
ssdeep: 12288:UCHfGSwy+efQrqO/VQGZKxidIp/pNd5/JMN0FmyQhzLItDnOJM5zXzhemb+:UCHfQy+V5d9KxYIdW0UhiniM5rzq
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  x58a8x4e91x8f6fx4ef6 2013
Assembly Version: 1.2.0.0
InternalName: HaxrRHEXgC.exe
FileVersion: 1.2.0.0
CompanyName: x51afx5929x6587
LegalTrademarks: x58a8x4e91x8f6fx4ef6
Comments: x58a8x4e91x8f6fx4ef6-x6570x72ecx8ba1x7b97x5668x63a7x4ef6
ProductName: SudokuCalcs
ProductVersion: 1.2.0.0
FileDescription: SudokuCalcs
OriginalFilename: HaxrRHEXgC.exe

MSIL/Kryptik.UWO also known as:

MicroWorld-eScan	Trojan.GenericKD.33501440
FireEye	Generic.mg.df16a99b34fc3624
McAfee	RDN/Generic.dx
ALYac	Trojan.GenericKD.33501440
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0056199d1 )
BitDefender	Trojan.GenericKD.33501440
K7GW	Trojan ( 0056199d1 )
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZemsilF.34098.3m0@aO4dpSh
F-Prot	W32/MSIL_Agent.BCO.gen!Eldorado
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of MSIL/Kryptik.UWO
TrendMicro-HouseCall	TROJ_GEN.R011C0PC420
Avast	Win32:PWSX-gen [Trj]
GData	Trojan.GenericKD.33501440
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba	TrojanPSW:MSIL/Kryptik.fa911606
ViRobot	Trojan.Win32.Z.Malpack.912384
AegisLab	Trojan.Multi.Generic.4!c
APEX	Malicious
Rising	Trojan.Kryptik!8.8 (CLOUD)
Endgame	malicious (high confidence)
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Kryptik.trckm
DrWeb	Trojan.Siggen9.16936
TrendMicro	TROJ_GEN.R011C0PC420
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.33501440 (B)
Cyren	W32/MSIL_Agent.BCO.gen!Eldorado
Avira	TR/Kryptik.trckm
MAX	malware (ai score=89)
Arcabit	Trojan.Generic.D1FF3100
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft	Trojan:Win32/Occamy.C
Ad-Aware	Trojan.GenericKD.33501440
Malwarebytes	Trojan.MalPack.VND
Panda	Trj/GdSda.A
Tencent	Msil.Trojan-qqpass.Qqrob.Wsju
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.74499699.susgen
Fortinet	MSIL/Kryptik.EFKZ!tr
Webroot	W32.Trojan.Gen
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Generic/Trojan.d23

How to remove MSIL/Kryptik.UWO?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

MSIL/Kryptik.UWO removal instruction