Trojan:Win32/AveMaria.KY!MTB removal instruction

The Trojan:Win32/AveMaria.KY!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/AveMaria.KY!MTB virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:Win32/AveMaria.KY!MTB?


File Info:
name: 07E084BDD7E009447E67.mlw
path: /opt/CAPEv2/storage/binaries/a105f7f16645aa4f9601fae85f668364ca995243732cfc864d8e2014595f16ed
crc32: 35C9F062
md5: 07e084bdd7e009447e67cefd88dd6803
sha1: b4c8b10f2a2decfb7fe439436868a5b3bfd2adb4
sha256: a105f7f16645aa4f9601fae85f668364ca995243732cfc864d8e2014595f16ed
sha512: 560f3345dc02f899b411980f599a6dfba84e3acca82ee18fe13ebea7695d9f026e806748ecfd25488a504e9c547ea851745c65f91e3b9a07a11b3cd41114b6a6
ssdeep: 49152:2uLqn8Y6FlWZ0vH/k3mlXoQq7TuN5zdi8ewnXZCF:2uZp/k3mlXoQq+N5zTXZCF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C285C0A2B1D0412AD133DBF55B5699F4373F7D312D18678EE2E62B890A34AD068E3533
sha3_384: 9eeec31263947912cd8d8831abe8e3ead3ac964d6c0ea0d97f05f9dc1657c1bcd9d242a640981419379c6afddf076d1f
ep_bytes: 558bec83c4f0b8ac1e4600e80042faff
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Trojan:Win32/AveMaria.KY!MTB also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ulise.471227
FireEye	Gen:Variant.Ulise.471227
Skyhigh	BehavesLike.Win32.HLLP.tc
McAfee	Artemis!07E084BDD7E0
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
ESET-NOD32	Win32/TrojanDownloader.ModiLoader.AAT
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender	Gen:Variant.Ulise.471227
Emsisoft	Gen:Variant.Ulise.471227 (B)
DrWeb	Trojan.DownLoader46.52814
VIPRE	Gen:Variant.Ulise.471227
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Ulise.471227
Google	Detected
Antiy-AVL	Trojan[Backdoor]/Win32.Blakken
Arcabit	Trojan.Ulise.D730BB
ZoneAlarm	HEUR:Trojan-Spy.Win32.Noon.gen
Microsoft	Trojan:Win32/AveMaria.KY!MTB
Varist	W32/Trojan.VSDQ-6993
MAX	malware (ai score=80)
Ikarus	Trojan.Inject
Fortinet	W32/ModiLoader.YK!tr
Cybereason	malicious.f2a2de

How to remove Trojan:Win32/AveMaria.KY!MTB?

Trojan:Win32/AveMaria.KY!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X