MSIL/Kryptik.WHK removal tips

The MSIL/Kryptik.WHK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.WHK virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Kryptik.WHK?


File Info:
name: 70A940B92FEC54B3FF96.mlw
path: /opt/CAPEv2/storage/binaries/86338fed3535a4d27b6748633376e5aa45f86dcdc9da4012b4bad128df904c73
crc32: 215388BB
md5: 70a940b92fec54b3ff96c9f39068a942
sha1: 4b775e3bb677f3a4109d7b9d7676135cce1d7645
sha256: 86338fed3535a4d27b6748633376e5aa45f86dcdc9da4012b4bad128df904c73
sha512: 5b67aebb0f557229672d896bb6d67e2ed3ebbfa54f3bdea6d2339e8ba31cd3ae1f4ee6cf0156cff36958ca42add3659c4f595f3e34e14608748847848d6062cb
ssdeep: 12288:+UJXnfIzdJjV1OCAchA+/EByOOCDAqgZ+:XJPq8oA+/KZAb4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B94E030336A464BC5FD4AF45476A0C203B66452B686E74E7DC291EC4EA3BC31F52B9B
sha3_384: 23f0d7e270f93a22f4f69e835c3d52256ad3bd06c71a799da48aeaa8a27e6da6a55f6b7c804f44156f0f0b0ff0a000f4
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-05-31 03:30:34

Version Info:
Translation: 0x0000 0x04b0
Comments: help his five year old son Tony fall asleep
CompanyName: written by Merv in 1963
FileDescription: Jeopardy Core
FileVersion: 19.0.0.3
InternalName: rDSCYudRiq.exe
LegalCopyright: written by Merv in 1963
LegalTrademarks: 
OriginalFilename: rDSCYudRiq.exe
ProductName: Jeopardy Core
ProductVersion: 19.0.0.3
Assembly Version: 19.0.0.3

MSIL/Kryptik.WHK also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Agensla.i!c
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Trojan.Olock.1
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	BehavesLike.Win32.Trojan.gc
McAfee	Artemis!70A940B92FEC
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Gen:Trojan.Olock.1
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
Alibaba	TrojanPSW:MSIL/Agensla.beda09ef
K7GW	Trojan ( 700000121 )
Cybereason	malicious.bb677f
Arcabit	Trojan.Olock.1
VirIT	Trojan.Win32.AgentTesla.EEVGO
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.WHK
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender	Gen:Trojan.Olock.1
NANO-Antivirus	Trojan.Win32.Kryptik.hlcryf
Avast	Win32:Trojan-gen
Tencent	Msil.Trojan-QQPass.QQRob.Kajl
Sophos	Troj/MSIL-SSP
F-Secure	Heuristic.HEUR/AGEN.1323930
DrWeb	Trojan.PackedNET.964
Emsisoft	Gen:Trojan.Olock.1 (B)
Ikarus	Trojan.MSIL.Crypt
Jiangmin	Trojan.PSW.MSIL.bzkj
Webroot	W32.Trojan.Gen
Google	Detected
Avira	HEUR/AGEN.1323930
Antiy-AVL	Trojan[PSW]/MSIL.Agensla
Xcitium	Malware@#3fac8tha8579i
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
GData	Gen:Trojan.Olock.1
AhnLab-V3	Malware/Win32.RL_Generic.C4125722
VBA32	TScope.Trojan.MSIL
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.95 (RDM.MSIL2:Xxvyd9F5KSTetmrdyVg12Q)
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/GenKryptik.ELBN!tr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/Kryptik.WHK?

MSIL/Kryptik.WHK removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X