
RiskTool.NSIS.ExtInstall.b removal guide

Malware Removal

RiskTool.NSIS.ExtInstall.b is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskTool.NSIS.ExtInstall.b virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Enumerates running processes
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer likely to send to C2 server
  • Attempts to identify installed AV products by installation directory
  • Attempts to masquerade or mimic a legitimate process or file name
  • Uses suspicious command line tools or Windows utilities

How to identify RiskTool.NSIS.ExtInstall.b?

File Info:

name: F85AEFC6BA99521A0607.mlw
path: /opt/CAPEv2/storage/binaries/004089c63485d08d2bf67a01d17c8e0ff8fe09e21ed8e03604be6db8450f21c0
crc32: 136243C7
md5: f85aefc6ba99521a0607cfb7e96bfd3a
sha1: 36095445210290cb9d2529676fbdc884b222b63a
sha256: 004089c63485d08d2bf67a01d17c8e0ff8fe09e21ed8e03604be6db8450f21c0
sha512: 56864bee9bfd9338c25917108bb312a3685e5902cac2b382c07b92df47f78a1a2b2c71e5752c3b5fe527e62107e2086c7c0f8c7d2f7c80160a2a4dceedb3a5b6
ssdeep: 6144:Us3jkaLhGwE3Q7J8vYC7Qwrz5r4ddYVW4bvhlHQ0MlnUi:Tj39GwEsJ8BFz5cdeVLbHM1Ui
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17EA423D024D4D46FD427B9F599A2D17BCBB2AE4425350D8B8B3836ABB031483CD2679E
sha3_384: db8e9805aa37f3e01f3962b2d205b106423ed3e0c161f47be4b5e0b69200ecb955804351917ad98d97e652de45de008e
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:

0: [No Data]

RiskTool.NSIS.ExtInstall.b also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Extenbro.10
MicroWorld-eScan: Trojan.GenericKD.3356926
FireEye: Trojan.GenericKD.3356926
McAfee: Generic.afy
Cylance: Unsafe
Zillya: Trojan.ExtenBro.Win32.61063
Sangfor: Suspicious.Win32.Graftor.296934
K7AntiVirus: Trojan ( 004f42bc1 )
Alibaba: AdWare:Win32/ExtInstall.a47c0067
K7GW: Trojan ( 004f42bc1 )
BitDefenderTheta: Gen:NN.ZedlaF.34182.gu4@aSuILLoi
Cyren: W32/Wacapew.BF.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_GEN.R002C0PH421
Kaspersky: not-a-virus:RiskTool.NSIS.ExtInstall.b
BitDefender: Trojan.GenericKD.3356926
NANO-Antivirus: Trojan.Win32.ExtenBro.eefnde
SUPERAntiSpyware: PUP.SmartBrowser/Variant
Avast: Win32:Malware-gen
Rising: Trojan.ExtenBro!8.51 (CLOUD)
Sophos: Mal/Generic-S
Comodo: ApplicUnwnt@#k5zdcgiqryew
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PH421
McAfee-GW-Edition: BehavesLike.Win32.AdwareSweet.gc
Emsisoft: Trojan.GenericKD.3356926 (B)
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1203625
MAX: malware (ai score=88)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Dynamer!rfn
ZoneAlarm: not-a-virus:RiskTool.NSIS.ExtInstall.b
GData: Gen:Variant.Bulz.422186
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Bulz.422186
VBA32: Trojan.Wacatac
APEX: Malicious
Tencent: Win32.Trojan.Strictor.Eddq
Yandex: Trojan.GenAsa!MmOfhgQT3mI
Fortinet: W32/Generic.AC.389DBA!tr
AVG: Win32:Malware-gen
Cybereason: malicious.6ba995
Panda: Trj/CI.A

How to remove RiskTool.NSIS.ExtInstall.b?

RiskTool.NSIS.ExtInstall.b removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
