How to remove “PWS:Win32/Racealer.GKM!MTB”?

PWS:Win32/Racealer.GKM!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Racealer.GKM!MTB virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:15744
  • A process created a hidden window
  • Unconventional binary language: Persian (Iran)
  • Unconventional language used in binary resources: Slovak
  • The binary likely contains encrypted or compressed data.
  • A scripting utility was executed
  • Steals private information from local Internet browsers
  • Attempts to execute a powershell command with suspicious parameter/s
  • Collects information about installed applications
  • Likely virus infection of existing system binary
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify PWS:Win32/Racealer.GKM!MTB?
File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: calimalimodunator.exe
FileVersions: 7.0.0.23
LegalCopyrights: Vsekdag
ProductVersions: 67.0.20.45
Translation: 0x0429 0x04e7

PWS:Win32/Racealer.GKM!MTB is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.36410044
ALYac: Trojan.GenericKD.36410044
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Multi.Generic.4!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.36410044
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_80% (W)
Arcabit: Trojan.Generic.D22B92BC
Cyren: W32/Trojan.OGVG-3411
Symantec: Trojan Horse
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
ClamAV: Win.Malware.Mokes-9836212-0
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
Alibaba: TrojanPSW:Win32/Racealer.ccc3cdc2
NANO-Antivirus: Trojan.Win32.Kryptik.imuqib
Rising: Backdoor.Mokes!8.619 (CLOUD)
Ad-Aware: Trojan.GenericKD.36410044
Emsisoft: Trojan.GenericKD.36410044 (B)
F-Secure: Trojan.TR/Crypt.Agent.fbwbd
DrWeb: Trojan.Siggen12.15223
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
FireEye: Generic.mg.03b1daa2ee50da70
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
Avira: TR/Crypt.Agent.fbwbd
eGambit: Unsafe.AI_Score_99%
MAX: malware (ai score=84)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Trojan.Win32.Packed.oa
Microsoft: PWS:Win32/Racealer.GKM!MTB
ZoneAlarm: HEUR:Trojan.Win32.Zenpak.gen
GData: Win32.Packed.Kryptik.58C447
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.RL_Reputation.R368442
McAfee: GenericRXAA-AA!03B1DAA2EE50
VBA32: BScope.Backdoor.Mokes
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.HJRK
SentinelOne: Static AI – Malicious PE
Fortinet: PossibleThreat.PALLAS.H
BitDefenderTheta: Gen:NN.ZexaF.34590.@F0@a0BUSefG
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HwoCjw8A

How to remove PWS:Win32/Racealer.GKM!MTB?

PWS:Win32/Racealer.GKM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.