About “W32.Infector.A5” infection

The W32.Infector.A5 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What W32.Infector.A5 virus can do?

Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine W32.Infector.A5?


File Info:
crc32: 7F9D3C44
md5: 7137f9f0a86c0ee423e6f0a065acb004
name: 7137F9F0A86C0EE423E6F0A065ACB004.mlw
sha1: 741aaa603efde62b08a0bd311fbf81a287f4c1bd
sha256: 10e5fc31cb4189ce1e5dddd36d3491dc231f50ae8ca3c856446afa280421c94b
sha512: 5cc3e72cc138469921ebe881669bba0881a2192114e7634582b6f23cb2e9c4f944d3d2f9009f25a4ed1358ee84885a2c11c1f6e91ac264181898ce32afc9d24e
ssdeep: 96:gPRQKL+Z6+jDQG4NugfjAiQbrj92hSfe6Fk4s/QkLuc7OhPgGvOMnrPWuLu:gVAsGsMFrAhJNQkqc7OhOMn7Wuq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 1992-2001 Microsoft Corp.
InternalName: ActMovie.exe
FileVersion: 6.05.2600.5512
CompanyName: Microsoft Corporation
DirectShow: DirectShow Setup Tool
ProductName: DirectShow
ProductVersion: 6.05.2600.5512
FileDescription: DirectShow Setup Tool
OriginalFilename: ActMovie.exe
Translation: 0x0409 0x04e4

W32.Infector.A5 also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.FileInfector.am0@aeAm9Md
FireEye	Generic.mg.7137f9f0a86c0ee4
CAT-QuickHeal	W32.Infector.A5
ALYac	Gen:Trojan.FileInfector.am0@aeAm9Md
K7AntiVirus	Virus ( 00508e1d1 )
K7GW	Virus ( 00508e1d1 )
Cybereason	malicious.0a86c0
Invincea	ML/PE-A + W32/HWorld-A
Cyren	W32/Hematite.F.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	HEUR:Virus.Win32.Infector
BitDefender	Gen:Trojan.FileInfector.am0@aeAm9Md
NANO-Antivirus	Virus.Win32.Infector.emtrum
Ad-Aware	Gen:Trojan.FileInfector.am0@aeAm9Md
Sophos	W32/HWorld-A
F-Secure	Trojan.TR/Patched.Gen
DrWeb	Win32.Siggen.29
TrendMicro	TROJ_GEN.R06EC0DKI20
McAfee-GW-Edition	BehavesLike.Win32.HWorld.zm
Emsisoft	Gen:Trojan.FileInfector.am0@aeAm9Md (B)
Ikarus	Virus.Win32.Agent
GData	Gen:Trojan.FileInfector.am0@aeAm9Md
Avira	TR/Patched.Gen
Antiy-AVL	GrayWare/Win32.Kryptik.Hematite
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.FileInfector.ED4C1F
ZoneAlarm	HEUR:Virus.Win32.Infector
Microsoft	Virus:Win32/Hematite.A
Cynet	Malicious (score: 100)
AhnLab-V3	Virus/Win32.Hematite.R198137
Acronis	suspicious
MAX	malware (ai score=82)
VBA32	Win32.Virus.Unknown.Heur
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Agent.NDM
TrendMicro-HouseCall	TROJ_GEN.R06EC0DKI20
Rising	Virus.Agent!1.B308 (CLASSIC)
Fortinet	W32/Agent.D17
AVG	Win32:Evo-gen [Susp]
CrowdStrike	win/malicious_confidence_60% (D)

How to remove W32.Infector.A5?

W32.Infector.A5 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X