Should I remove “RiskTool.Win64.BitCoinMiner.irlh”?

The RiskTool.Win64.BitCoinMiner.irlh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What RiskTool.Win64.BitCoinMiner.irlh virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine RiskTool.Win64.BitCoinMiner.irlh?


File Info:
name: B032FB9E4D98BB90565A.mlw
path: /opt/CAPEv2/storage/binaries/ef1d5749d107a5ccc88375910e4df91bdea61badc407fcb6cb29776041c3f2f3
crc32: 9905588E
md5: b032fb9e4d98bb90565a568f332add9f
sha1: e66ad8d71e638778a6b0a0e1e8d94526cb445833
sha256: ef1d5749d107a5ccc88375910e4df91bdea61badc407fcb6cb29776041c3f2f3
sha512: 1677c0c4d9fa6db2ec779e39a1c8b7631ae3ed0ae1be43d83ac8f1e829a5ab53700b74500c0d85880682e3292f5b31dc52e3976333712a97295a1cab75be1a8e
ssdeep: 49152:edkntmIrB2Xzn0qHEsIrkU4YlTie1wtl1j2sTetLtPHSTQjaU7HTajz1f8:sk7eHEXtfwA7LJuUSj
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T18976B40A1EF52FC6D11AE2FB40D915AABE7520E437393EEF595087940706DE8F07CA26
sha3_384: 2ed64b98aa0c5f83039b8a818deb464438327bd966982574d6749ad7c18718e84ec3e660e776c6aec32df59803dcd3eb
ep_bytes: 4883ec28e8d70b00004883c428e976fe
timestamp: 2018-05-22 14:21:55

Version Info:
0: [No Data]

RiskTool.Win64.BitCoinMiner.irlh also known as:

Lionic	Riskware.Win64.BitCoinMiner.1!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.b032fb9e4d98bb90
ALYac	Gen:Variant.Application.Miner.5
Cylance	Unsafe
Alibaba	RiskWare:Win64/Miners.1fb663b0
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	PUA.Gen.2
ESET-NOD32	a variant of Win64/CoinMiner.RH potentially unwanted
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:RiskTool.Win64.BitCoinMiner.irlh
BitDefender	Gen:Variant.Application.Miner.5
NANO-Antivirus	Riskware.Win64.CoinMiner.fcnice
MicroWorld-eScan	Gen:Variant.Application.Miner.5
Ad-Aware	Gen:Variant.Application.Miner.5
Emsisoft	Gen:Variant.Application.Miner.5 (B)
Comodo	ApplicUnwnt@#2lmjpa89705qs
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win64.PUP.wh
Sophos	Ethminer Ethereum Miner (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Application.Miner.5
Jiangmin	RiskTool.BitCoinMiner.hob
MAX	malware (ai score=97)
Antiy-AVL	RiskWare[RiskTool]/Win64.BitCoinMiner
Gridinsoft	Ransom.Win64.Gen.sa
AhnLab-V3	Win-Trojan/Miner3.Exp
Acronis	suspicious
McAfee	Artemis!B032FB9E4D98
TrendMicro-HouseCall	TROJ_GEN.R002H0CJL21
Yandex	Trojan.GenAsa!TDJB2yzusHg
Fortinet	Riskware/BitCoinMiner
Webroot	W32.Miner
Cybereason	malicious.e4d98b
Panda	Trj/CI.A

How to remove RiskTool.Win64.BitCoinMiner.irlh?

RiskTool.Win64.BitCoinMiner.irlh removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X