Should I remove “Trojan:Win32/Sabsik!mclg”?

The Trojan:Win32/Sabsik!mclg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Sabsik!mclg virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous .NET characteristics
Anomalous binary characteristics

How to determine Trojan:Win32/Sabsik!mclg?


File Info:
name: E06F42E8F1EF0D5CB5C2.mlw
path: /opt/CAPEv2/storage/binaries/9c98d2996b1b5f6c0359642966c9b9fda82057933a5272554ee23cd152351b2e
crc32: 6218C34D
md5: e06f42e8f1ef0d5cb5c29493d64710da
sha1: 6f46ba84ae390ad1f19176ffefd4917710ba3dcc
sha256: 9c98d2996b1b5f6c0359642966c9b9fda82057933a5272554ee23cd152351b2e
sha512: 7c57645812c49406aaf65f8db2bedeb69aaedf56ec9646c567ca2073b9b4dd35c492a274de4e37d9548e759cd8ff4edc96d1780cf0e422b96b24241a0d8624fc
ssdeep: 192:xqIsbh+mkbWyr9BPI2DBvpnG8CvjemHx:4h+myr91hDBv5GemH
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1A5F1C609BBEC8545F5FF4F3968F267211672FB472962D71E2C88005D2C726918AE2FB1
sha3_384: 57b11da40f47073958ce4960cabf2f89ddbe22cacfa02e8c216e721eb4fd30bd1e1ba3f636ac1a38f1f689338def17de
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2021-09-25 14:38:22

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: xmr-uninstaller.exe
LegalCopyright:  
OriginalFilename: xmr-uninstaller.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:Win32/Sabsik!mclg also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.12047
FireEye	Generic.mg.e06f42e8f1ef0d5c
CAT-QuickHeal	Trojanpws.Msil
ALYac	IL:Trojan.MSILZilla.12047
Malwarebytes	Malware.AI.3588302750
Sangfor	Infostealer.MSIL.Fareit.gen
K7AntiVirus	Trojan ( 0057fc381 )
Alibaba	TrojanPSW:MSIL/Fareit.c5221d33
K7GW	Trojan ( 0057fc381 )
Cyren	W64/MSIL_Troj.BCG.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Agent.UQS
Paloalto	generic.ml
ClamAV	Win.Packed.Bulz-9883710-0
Kaspersky	HEUR:Trojan-PSW.MSIL.Fareit.gen
BitDefender	IL:Trojan.MSILZilla.12047
Avast	Win64:PWSX-gen [Trj]
Tencent	Trojan.Win64.BitCoinMiner.16000099
Ad-Aware	IL:Trojan.MSILZilla.12047
Sophos	Mal/Generic-S
DrWeb	Trojan.Siggen15.29118
TrendMicro	TROJ_GEN.R002C0GJA21
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	IL:Trojan.MSILZilla.12047 (B)
SentinelOne	Static AI – Malicious PE
GData	IL:Trojan.MSILZilla.12047
Avira	HEUR/AGEN.1143065
MAX	malware (ai score=82)
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Gridinsoft	Ransom.Win64.Sabsik.sa
Arcabit	IL:Trojan.MSILZilla.D2F0F
Microsoft	Trojan:Win32/Sabsik!mclg
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4623435
McAfee	Artemis!E06F42E8F1EF
VBA32	TrojanPSW.MSIL.Fareit
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0GJA21
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:busV2jvA7lhOBdAANll6FQ)
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.73688875.susgen
Fortinet	MSIL/Agent.UQS!tr
AVG	Win64:PWSX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Sabsik!mclg?

Trojan:Win32/Sabsik!mclg removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X