Virus.Win32.MoonRover removal guide

Virus.Win32.MoonRover is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus.Win32.MoonRover virus do?

  • Authenticode signature is invalid: the embedded version information claims to be Microsoft's Internet Explorer Add-on Installer (ieinstal.exe), but the file does not carry a valid Microsoft signature, so that claim cannot be trusted.
  • Anomalous binary characteristics

How to identify Virus.Win32.MoonRover?

File Info:

name: 6F262E11FD644DFE5EF5.mlw
path: /opt/CAPEv2/storage/binaries/7e3118c2ea2e99ca48b1675040399367a484ac57fe2732abfbee2839e96b2dab
crc32: E3D56DB5
md5: 6f262e11fd644dfe5ef587c90128c8ba
sha1: b5785cdd11f5345940d35e4fd9418dba0e12a87d
sha256: 7e3118c2ea2e99ca48b1675040399367a484ac57fe2732abfbee2839e96b2dab
sha512: 29ecbad1f4dab65e77ea9558e05d761fcaf3e9c05f4db55343177278f75a8634e5432f146a47971c50ab9fedfcdf05c08481767b8e95f8cc1e6d4344bdd135f3
ssdeep: 12288:sqci/nQ5OLpdNIrd4Ds5OLpdNIrd4DKXMNyalZdV:sqLImXIrdFmXIrd1coMd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13FC4BFC3B24D60B4FCA609B0153E5C111A6BAD8D03982D8F7ED77BAE19772C256366C3
sha3_384: c30ac99781c1654b5af6907c280fd9b3a024eda9d32b825b5ab381071344024d699a73cebebd3b72a09600f28547428b
ep_bytes: bb77690000be00804700bf645549a6a1
timestamp: 2011-08-20 06:08:13

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Internet Explorer Add-on Installer
FileVersion: 11.00.9600.18858 (winblue_ltsb.171107-0923)
InternalName: ieinstal.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ieinstal.exe
ProductName: Internet Explorer
ProductVersion: 11.00.9600.18858
Translation: 0x0409 0x04b0

Virus.Win32.MoonRover is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Malachite.A
FireEye: Generic.mg.6f262e11fd644dfe
ALYac: Win32.Malachite.A
Cylance: Unsafe
Zillya: Virus.WLKSM.Win32.1
K7AntiVirus: Virus ( 004deede1 )
Alibaba: Virus:Win32/WLKSM.fbd4afd6
K7GW: Virus ( 004deede1 )
Cybereason: malicious.1fd644
Baidu: Win32.Virus.MoonRover.a
Cyren: W32/Malachite.A
ESET-NOD32: Win32/Agent.NCD
APEX: Malicious
Kaspersky: Virus.Win32.WLKSM.a
BitDefender: Win32.Malachite.A
NANO-Antivirus: Virus.Win32.Infector.dleseh
Avast: Win32:WLKSM-UT [Trj]
Tencent: Virus.Win32.Wlksm.c
Ad-Aware: Win32.Malachite.A
Emsisoft: Win32.Malachite.A (B)
Comodo: Virus.Win32.WLKSM.AA@6cq5zv
DrWeb: BackDoor.Siggen.57937
McAfee-GW-Edition: BehavesLike.Win32.Virus.hh
Sophos: ML/PE-A + Mal/FakeAV-BW
Ikarus: Virus.Win32.Agent
GData: Win32.Malachite.A
Avira: W32/Malachite.A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Win32/Malachite.X1599
MAX: malware (ai score=84)
VBA32: Virus.Win32.MoonRover
MaxSecure: Virus.Win32.WLKSM.a
Fortinet: W32/Badda.5137.A
AVG: Win32:WLKSM-UT [Trj]
Panda: Generic Suspicious
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Virus.Win32.MoonRover?

Virus.Win32.MoonRover removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.