Trojan

MSIL/TrojanClicker.Small.NCI removal instruction

Malware Removal

The MSIL/TrojanClicker.Small.NCI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What MSIL/TrojanClicker.Small.NCI virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (14 unique times)
  • Performs some HTTP requests
  • Steals private information from local Internet browsers
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

adf.ly
lnk.co
ad4.us
loadingwebsite.info
usfinf.net
d1lxhc4jvstzrp.cloudfront.net
cdn.adf.ly
ocsp.pki.goog
crl.pki.goog
crls.pki.goog
iyfnz.com
img1.wsimg.com
ocsp.starfieldtech.com

How to determine MSIL/TrojanClicker.Small.NCI?


File Info:

crc32: 951E6464
md5: d9938b48f02e89b8971d33e5a0acce4a
name: D9938B48F02E89B8971D33E5A0ACCE4A.mlw
sha1: e77f3f9452def1be64885413a0536f9bf6f16441
sha256: 1d00d01b7e88beccc6f511df99ed1480b2d1b25b13462e29df53ae8a6e718a10
sha512: 7b31601f5548ffb59f73b80963e7155952c3ee323a858478a4a1976276dfbc97ce8fd0bbd5568fd98eff3e0c3c3d6401366a828159ac8e4b39d10dd55be13b1f
ssdeep: 192:XH3Kuh9IXP8IPZu3PsfSSR5VrjroGMqvWUGdWI:XXCXP8C20qSpjsfqvWUGdW
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 Microsoft Corporation
Assembly Version: 5.1.2600.5512
InternalName: svchost.exe
FileVersion: 5.1.2600.5512
CompanyName: Microsoft Corporation
LegalTrademarks: Microsoftxae and Windowsxae are Trademarks of Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 5.1.2600.5512
FileDescription: svchost
OriginalFilename: svchost.exe

MSIL/TrojanClicker.Small.NCI also known as:

LionicTrojan.MSIL.Agent.4!c
ALYacGen:Heur.MSIL.Krypt.!cdmip!.2
CylanceUnsafe
SangforTrojan.Win32.Dropper.gen
AlibabaTrojanClicker:MSIL/Generic.b794f465
Cybereasonmalicious.8f02e8
CyrenW32/Trojan.DIS.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/TrojanClicker.Small.NCI
AvastWin32:Dropper-gen [Drp]
KasperskyTrojan-Clicker.MSIL.Agent.cnfc
BitDefenderGen:Heur.MSIL.Krypt.!cdmip!.2
MicroWorld-eScanGen:Heur.MSIL.Krypt.!cdmip!.2
TencentMsil.Trojan.Agent.Wtdj
Ad-AwareGen:Heur.MSIL.Krypt.!cdmip!.2
SophosMal/Generic-S
BitDefenderThetaGen:NN.ZemsilF.34266.am0@a05rBC
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionArtemis!Trojan
FireEyeGen:Heur.MSIL.Krypt.!cdmip!.2
EmsisoftGen:Heur.MSIL.Krypt.!cdmip!.2 (B)
eGambitUnsafe.AI_Score_98%
Antiy-AVLTrojan/Generic.ASMalwS.22A009A
KingsoftWin32.Troj.Generic_a.a.(kcloud)
MicrosoftTrojan:Win32/Occamy.C1D
GDataGen:Heur.MSIL.Krypt.!cdmip!.2
McAfeeArtemis!D9938B48F02E
MAXmalware (ai score=99)
VBA32Trojan.MSIL.gen.a.1
MalwarebytesTrojan.Crypt.Generic
FortinetPossibleThreat
AVGWin32:Dropper-gen [Drp]
Paloaltogeneric.ml

How to remove MSIL/TrojanClicker.Small.NCI?

MSIL/TrojanClicker.Small.NCI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment