MSIL/Surveyer.EW (file analysis)

The MSIL/Surveyer.EW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Surveyer.EW virus can do?

Authenticode signature is invalid

How to determine MSIL/Surveyer.EW?


File Info:
name: 906B889486C2218C1610.mlw
path: /opt/CAPEv2/storage/binaries/4a20555527aedf730fee7b1c49564a2797c02e93724005fa3a88772dd5d36a53
crc32: AF04D533
md5: 906b889486c2218c16102a49bd1bff15
sha1: f05384f3ac2567ce2a1ffcc07851bf4bd623ccb2
sha256: 4a20555527aedf730fee7b1c49564a2797c02e93724005fa3a88772dd5d36a53
sha512: 049428475244e09eac40314414208112d0ec93293884ac7ca7f4b449a9c7b69b4a04085e38f0fb0491cfee34ab7bf902aa7a224a8da3573917886df17594b276
ssdeep: 24576:znTfnTinTrnTWnTMnTQnTWnTCipLw2SCTC:/70HIOSICi1Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10935B39362519658CEE1C6F13086549DD22ECD322DB35A50762BBF18FF32E9DB884237
sha3_384: 74d0e51cf77fb267b542b8da3545b6fa6892fb9eb59bf450c5682bd73b5b46e437348c157c6c3157323dffea19cc8f5f
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-12-20 13:49:28

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: Microsoft
FileDescription: Instalator_Sandek
FileVersion: 1.0.0.0
InternalName: Dishonored 2.exe
LegalCopyright: Copyright © Microsoft 2014
LegalTrademarks: 
OriginalFilename: Dishonored 2.exe
ProductName: Instalator_Sandek
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Surveyer.EW also known as:

Cynet	Malicious (score: 99)
FireEye	Generic.mg.906b889486c2218c
Zillya	Trojan.Surveyer.Win32.761
Cybereason	malicious.486c22
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Surveyer.EW
APEX	Malicious
BitDefender	Gen:Variant.MSILPerseus.214606
NANO-Antivirus	Trojan.Win32.Surveyer.fchxku
MicroWorld-eScan	Gen:Variant.MSILPerseus.214606
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.MSILPerseus.214606
Emsisoft	Gen:Variant.MSILPerseus.214606 (B)
DrWeb	Trojan.Surveyer.52
VIPRE	Gen:Variant.MSILPerseus.214606
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.MSILPerseus.214606
Webroot	W32.Malware.gen
Avira	HEUR/AGEN.1217859
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.MSILPerseus.D3464E
Microsoft	Trojan:Win32/Skeeyah.A!rfn
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4520266
BitDefenderTheta	Gen:NN.ZemsilF.34606.gn0@aif@vYf
ALYac	Gen:Variant.MSILPerseus.214606
MAX	malware (ai score=86)
Malwarebytes	Trojan.Surveyer
Rising	Trojan.Surveyer!8.7C2 (CLOUD)
Yandex	Trojan.Surveyer!M3/lGJaZJwY
Ikarus	Trojan.MSIL.Surveyer
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (D)

How to remove MSIL/Surveyer.EW?

MSIL/Surveyer.EW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X