MSIL/Kryptik.VFB removal

The MSIL/Kryptik.VFB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Kryptik.VFB virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Network activity detected but not expressed in API logs
Checks the CPU name from registry, possibly for anti-virtualization
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine MSIL/Kryptik.VFB?


File Info:
crc32: AC9490D5
md5: fd46f8035ad4d8e993890b2886ff29f1
name: moni.exe
sha1: 2f4bb929fd15f93d8539e2ad27968a95bd01bdfa
sha256: 6113046113beedf3743a485a6b5f6d6ff29e7f957cc0256771f685b373ec0443
sha512: 2e04fa045a6427a98dd4ab11fb7b77a359a386f8a03edd9d6d7b4f0e301b3a38de304a1557bd1ab31e2be8ab6898ceda56dd3118f91100801c86c2ae27ffe582
ssdeep: 12288:Gxzv5LmXVmBgL6tsNV+TLG8SNqHx4497Nv4nrajNijVlh9Ox2:GxdLmXt6vVHx19Nv7jNO
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2016
Assembly Version: 1.0.0.0
InternalName: lmHuI.exe
FileVersion: 1.0.0.0
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: Calculator
ProductVersion: 1.0.0.0
FileDescription: Calculator
OriginalFilename: lmHuI.exe

MSIL/Kryptik.VFB also known as:

MicroWorld-eScan	Trojan.GenericKD.42879773
FireEye	Generic.mg.fd46f8035ad4d8e9
Qihoo-360	Generic/Trojan.PSW.374
McAfee	Artemis!FD46F8035AD4
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.42879773
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_100% (W)
F-Prot	W32/MSIL_Kryptik.AJW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Avast	Win32:RATX-gen [Trj]
GData	Trojan.GenericKD.42879773
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba	TrojanPSW:MSIL/Kryptik.65e380b4
AegisLab	Trojan.Multi.Generic.4!c
Rising	Trojan.Sonbokli!8.10198 (CLOUD)
Endgame	malicious (high confidence)
Sophos	Mal/Generic-S
DrWeb	Trojan.PWS.Siggen2.45357
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.42879773 (B)
SentinelOne	DFI – Malicious PE
Cyren	W32/MSIL_Troj.SZ.gen!Eldorado
Webroot	W32.Malware.Gen
MAX	malware (ai score=84)
Arcabit	Trojan.Generic.D28E4B1D
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft	Trojan:Win32/Bluteal!rfn
VBA32	CIL.HeapOverride.Heur
ALYac	Trojan.GenericKD.42879773
Ad-Aware	Trojan.GenericKD.42879773
Malwarebytes	Spyware.AgentTesla
Panda	Trj/CI.A
ESET-NOD32	a variant of MSIL/Kryptik.VFB
TrendMicro-HouseCall	TROJ_GEN.R032H0CCO20
Tencent	Msil.Trojan-qqpass.Qqrob.Eeqw
Yandex	Trojan.Igent.bTqgeb.18
Ikarus	Trojan.Inject
Fortinet	MSIL/GenKryptik.EGTW!tr
BitDefenderTheta	Gen:NN.ZemsilF.34104.Hm0@a4Yx8Fb
AVG	Win32:RATX-gen [Trj]
Paloalto	generic.ml
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/Kryptik.VFB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.