How to remove “Virus:Win32/Elly.A”?

Virus:Win32/Elly.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Elly.A virus do?

  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known devices from debuggers and forensic tools
  • Touches a file containing cookies, possibly for information gathering

How to identify Virus:Win32/Elly.A?


File Info:

name: 6A75F7E3DCEABE5ACBDA.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2009-07-13 23:15:07

Version Info:

CompanyName: Microsoft Corporation
FileDescription: File Compare Utility
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: Comp
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Comp.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Virus:Win32/Elly.A also known as:

Lionic: Virus.Win32.Elly.ts2G
MicroWorld-eScan: Win32.Lecky.A
ClamAV: Win.Trojan.Elly-1
FireEye: Win32.Lecky.A
CAT-QuickHeal: W32.Elly.A
Skyhigh: W32/Elly
McAfee: W32/Elly
Cylance: unsafe
Zillya: Virus.Elly.Win32.1
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Virus:Win32/Kelly.c61b9cfd
K7GW: Virus ( 002445391 )
K7AntiVirus: Virus ( 002445391 )
BitDefenderTheta: AI:FileInfector.E40F15760D
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Elly.A
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Elly.a
BitDefender: Win32.Lecky.A
NANO-Antivirus: Virus.Win32.Elly.fmya
Avast: Win32:Kelly-A
Tencent: Virus.Win32.Elly.b
Emsisoft: Win32.Lecky.A (B)
F-Secure: Malware.W32/Kelly
DrWeb: Win32.Kelly.23998
VIPRE: Win32.Lecky.A
TrendMicro: PE_KELLY.A
Sophos: Mal/Generic-R
Ikarus: Virus.Win32.Elly
GData: Win32.Lecky.A
Jiangmin: Win32/Elly.a
Webroot: W32.Virus.Elly.Gen
Google: Detected
Avira: W32/Kelly
Antiy-AVL: Virus/Win32.Elly.a
Kingsoft: malware.kb.a.890
Xcitium: Virus.Win32.Elly.A@2oofob
Arcabit: Win32.Lecky.A
ZoneAlarm: Virus.Win32.Elly.a
Microsoft: Virus:Win32/Elly.A
Varist: W32/Elly.A
AhnLab-V3: Win32/Elly
Acronis: suspicious
VBA32: Virus.Win32.Kelly
ALYac: Win32.Lecky.A
MAX: malware (ai score=87)
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/YlleK.A
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: PE_KELLY.A
Rising: Virus.Elly!1.A221 (CLASSIC)
Yandex: Win32.Kelly.A
SentinelOne: Static AI – Malicious PE
MaxSecure: Virus.W32.Elly.A
Fortinet: W32/Elly.A
AVG: Win32:Kelly-A
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Elly.A?

Virus:Win32/Elly.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
