About “Trojan.Win32.Shelma.buei” infection

The Trojan.Win32.Shelma.buei is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Shelma.buei virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan.Win32.Shelma.buei?


File Info:
name: C2AE42753B7F0C2B46F8.mlw
path: /opt/CAPEv2/storage/binaries/0439bc890f8c235fa29b3a029b78614e97e8db62569492dfb3031017341fd890
crc32: FF80B25D
md5: c2ae42753b7f0c2b46f82d435a1e530a
sha1: c1e7d56d9cb8b8262542228de584e7b409665f2c
sha256: 0439bc890f8c235fa29b3a029b78614e97e8db62569492dfb3031017341fd890
sha512: da339358a20c732a13261a74a7923e638e302ebdc393df13ce82f7de97794fd7a25f981753cfb2774a5b685d2efdc5e626a1f229854dffb4ab2ef438f739cdad
ssdeep: 384:XG/HIJn0Qhj6IO75PmMJqSkfM/tqZArmWkMNwPhWSBhD2eHUp3:AHO0yj6PxmMJfkfMlYYb8hnBhD2p
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T10B1309117284C03BFCEA00FEEAFE8CB5191CED342B5A41D3A1D711ADEA511DA643579B
sha3_384: 492ec60b882befdb7d0d3aef77ecbd2407c6cd228d4088b9db5e4f8e9cf2d6f74212311d89ae20d71d566fc6e6cfa6ee
ep_bytes: e958140000e982430000e9ee1c0000e9
timestamp: 2022-01-31 02:15:17

Version Info:
0: [No Data]

Trojan.Win32.Shelma.buei also known as:

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Trojan.GenericKD.38823310
FireEye	Trojan.GenericKD.38823310
ALYac	Trojan.GenericKD.38823310
Cylance	Unsafe
Sangfor	Trojan.Win32.Wacatac.B
Cyren	W32/Fugrafa.Z.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R002C0PB622
ClamAV	Win.Trojan.MSShellcode-6360728-0
Kaspersky	Trojan.Win32.Shelma.buei
BitDefender	Trojan.GenericKD.38823310
Avast	Win32:Trojan-gen
Ad-Aware	Trojan.GenericKD.38823310
Emsisoft	Trojan.GenericKD.38823310 (B)
TrendMicro	TROJ_GEN.R002C0PB622
McAfee-GW-Edition	BehavesLike.Win32.Generic.pt
Sophos	Generic ML PUA (PUA)
APEX	Malicious
GData	Trojan.GenericKD.38823310
MAX	malware (ai score=87)
ZoneAlarm	Trojan.Win32.Shelma.buei
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.CO.C4944371
McAfee	GenericRXQI-CO!C2AE42753B7F
Malwarebytes	Malware.AI.657691952
Rising	Trojan.Shelma!8.1A3D (TFE:5:9bhNNiLfIJI)
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/PossibleThreat
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A

How to remove Trojan.Win32.Shelma.buei?

Trojan.Win32.Shelma.buei removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X