Categories: Malware

W32/Chir-A removal tips

The W32/Chir-A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What W32/Chir-A virus can do?

Presents an Authenticode digital signature
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Anomalous binary characteristics

How to determine W32/Chir-A?


File Info:
name: 049A802C6D2CFFFEF2C7.mlwpath: /opt/CAPEv2/storage/binaries/672f5c5c7efbe877c7ef3860b91124f4787d1f248029e24bcf990d0531a1ab57crc32: D48E37E4md5: 049a802c6d2cfffef2c7c6a9fe900097sha1: acb1047a019e7f1be65d795e53dd5c9c1c2035f9sha256: 672f5c5c7efbe877c7ef3860b91124f4787d1f248029e24bcf990d0531a1ab57sha512: fd0b7f6dd340dd78eec4a63b0d2aa7d5f28092a64200253ddca3ac3b55e873a620b5083b713fc70ff81a93149acf2f96f40729f9df1a5d5e2246f5572d6f3316ssdeep: 12288:a5gArEmi72peZWc68liMXPI7XHgZQKhJgeCm7Dz/:a59i7WescHiMXwLHgZpJEI/type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T14BF4CF52F7E19932F1B293304AB5B335DA7FBD390C23831F95246D6A38716A19A75303sha3_384: e54479d7f5b28a20d311352cfa4e963ce0b6db60e183035b3ff31f0bdef8da803e808200d7f803295adea00a86769bd3ep_bytes: 60e8e61900008b742420e80800000061timestamp: 2010-03-16 09:56:22
Version Info:
CompanyName: Microsoft CorporationFileDescription: Microsoft Office Document CacheFileVersion: 14.0.4757.1000InternalName: CacheLegalCopyright: © 2010 Microsoft Corporation.  All rights reserved.LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.OriginalFilename: msosync.exeProductName: Microsoft Office 2010ProductVersion: 14.0.4757.1000Translation: 0x0000 0x04e4

W32/Chir-A also known as:

Bkav	W32.ChirBPE
Lionic	Worm.Win32.Runouce.lk4E
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Runouce.B@mm
ClamAV	Win.Worm.Brontok-88
FireEye	Generic.mg.049a802c6d2cfffe
CAT-QuickHeal	W32.Runouce.B
Skyhigh	BehavesLike.Win32.Virut.bc
McAfee	W32/Chir.b@MM
Cylance	unsafe
Zillya	Worm.RunOnce.Win32.2
Sangfor	Worm.Win32-Script.Save.Nimda
K7AntiVirus	Trojan ( 00176e371 )
Alibaba	Virus:Win32/Runouce.3ed7
K7GW	Trojan ( 00176e371 )
Cybereason	malicious.a019e7
BitDefenderTheta	AI:FileInfector.F1BE214812
VirIT	Win32.Runouce.D
Symantec	W32.Chir.B@mm
ESET-NOD32	Win32/Chir.B
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Virus.Win32.Chir.gen
BitDefender	Win32.Runouce.B@mm
NANO-Antivirus	Virus.Win32.Runouce.bxafx
Avast	Win32:Oncer [Inf]
Tencent	Worm.Win32.Runouce.d
TACHYON	Virus/W32.Runouce
Emsisoft	Win32.Runouce.B@mm (B)
Baidu	Win32.Virus.ChineseHacker.a
F-Secure	Malware.W32/Chir.B
DrWeb	Win32.Runonce.6652
VIPRE	Win32.Runouce.B@mm
TrendMicro	PE_Chir.B
Trapmine	malicious.high.ml.score
CMC	Virus.Worm.Win32.Runouce.1!O
Sophos	W32/Chir-A
Ikarus	Email-Worm.Win32.Runouce.B
GData	Win32.Worm.Runouce.A
Jiangmin	Win32/cnPeace.b
Google	Detected
Avira	W32/Chir.B
Antiy-AVL	Worm[Email]/Win32.Runouce.b
Kingsoft	Win32.Type.b.6637
Xcitium	EmailWorm.Win32.Runonce.~v001@1qup51
Arcabit	Win32.Runouce.E2C45E
ViRobot	Win32.Chir.B
ZoneAlarm	HEUR:Virus.Win32.Chir.gen
Microsoft	Virus:Win32/Chir.B@mm
Varist	W32/Thecid.B@mm
AhnLab-V3	Win32/ChiHack.6652
VBA32	Virus.Win32.Chur.A
ALYac	Win32.Runouce.B@mm
MAX	malware (ai score=84)
Malwarebytes	Chir.Spyware.Infostealer.DDS
Panda	Generic Malware
TrendMicro-HouseCall	PE_Chir.B
Rising	Worm.ChineseHacker-2 (CLASSIC)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Virus.W32.Runouce.B
Fortinet	W32/Chir.C!tr
AVG	Win32:Oncer [Inf]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)