Win32/Injector.IRE removal guide

The Win32/Injector.IRE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Injector.IRE virus can do?

The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Anomalous binary characteristics

How to determine Win32/Injector.IRE?


File Info:
crc32: 4D84DEE6
md5: feb5bf5f8a19b05654ceaa85f87243c7
name: FEB5BF5F8A19B05654CEAA85F87243C7.mlw
sha1: 6c31278bba226f1dadda958def26fc74996da3b3
sha256: 34601886faa2efbc8f5a8208c834a2ae0fdef15909518f69e2f5a8b75f616841
sha512: cf6891221de0390e7e74205c46fb7e60b5bd2f49d9d272f0662627063a87695fedff33ee01dfbec81f75f69d369d1767ac2837e70ea84b40b83b21854985f8cd
ssdeep: 49152:nHi2DcM5byZ97edaq92PTNlO/yzETw3FQeBjUIdLhK9E22z:nCw5byZ9GoGgFQe+IdLc9E20
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
Translation: 0x0409 0x04b0
LegalCopyright: YhF
InternalName: Project1
FileVersion: 2.00.0001
CompanyName: DVEb
LegalTrademarks: PKKJ
Comments: vLjkLUg
ProductName: mDHJBaph
ProductVersion: 2.00.0001
FileDescription: File Description
OriginalFilename: Project1.exe

Win32/Injector.IRE also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop2.61630
ClamAV	Win.Trojan.Injector-179
ALYac	Gen:Variant.Barys.1409
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_60% (W)
BitDefender	Gen:Variant.Barys.1409
Cybereason	malicious.f8a19b
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.IRE
Zoner	Probably Heur.ExeHeaderP
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Dropper.Win32.Injector.bxo
MicroWorld-eScan	Gen:Variant.Barys.1409
Ad-Aware	Gen:Variant.Barys.1409
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZevbaF.34266.ewKfaymvSHdi
FireEye	Generic.mg.feb5bf5f8a19b056
Emsisoft	Gen:Variant.Barys.1409 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Injector.ln
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.B0F94
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Barys.1409
VBA32	TScope.Trojan.VB
MAX	malware (ai score=80)
TrendMicro-HouseCall	TROJ_PAM_0000010066.T3
Rising	Malware.Heuristic!ET#98% (RDMK:cmRtazp/VgKeyr2iMTJIdnayXvRV)
Yandex	Trojan.GenAsa!PSWoo4EBJnc
Ikarus	Gen.Trojan.Heur
Fortinet	W32/Refroso.DZP!tr

How to remove Win32/Injector.IRE?

Win32/Injector.IRE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X