Win32/Injector.KRW removal tips

The Win32/Injector.KRW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Injector.KRW virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Injector.KRW?


File Info:
name: FFD6774DE61DCB39FE24.mlw
path: /opt/CAPEv2/storage/binaries/b9ca5f6669a9e7c78c5b5463a31c9eba8c90c77be4b5691ef5b2949eaf8cc824
crc32: 936125A0
md5: ffd6774de61dcb39fe24b8b767e391e9
sha1: 0b8641a48dac9292f87a9ec0aa0a2f4d676b57e0
sha256: b9ca5f6669a9e7c78c5b5463a31c9eba8c90c77be4b5691ef5b2949eaf8cc824
sha512: a8ac813b28c20ce3a05753db95a6f2a7004d1b8c62ea63b6f46466500a8df8ad07d9ec2b47f44f6e97520e579cec006b16c0ad7471d20985505f62a459793cd5
ssdeep: 768:lYofMK+gS1rTdJ96Fx987k701zGmAQ20J/j8TCox0rqU0F0KfnUr7uK7d1a:lYK+x1r16FP87PW0J/j8mothfU2Ma
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7831A13BB691111F31249721831A1E9E66A7E331D02BA5F7708BF8C2C791D7A975B0F
sha3_384: d031aa4f4676df64f64d26de678f2d536d7a13c2286096bc852242b0aa9316752a6601b6c61920912293ffe04f827b49
ep_bytes: 68a01a4000e8eeffffff000000000000
timestamp: 2011-11-06 20:03:55

Version Info:
0: [No Data]

Win32/Injector.KRW also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
FireEye	Generic.mg.ffd6774de61dcb39
McAfee	Artemis!FFD6774DE61D
Sangfor	Suspicious.Win32.Save.vb
Cybereason	malicious.48dac9
Arcabit	Trojan.Mint.Zitirez.EE27EA
Symantec	Trojan.Gen.2
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Injector.KRW
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Qhost.bfed
BitDefender	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
Rising	Malware.Undefined!8.C (TFE:3:x4Zeqkz60JH)
Ad-Aware	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
Sophos	ML/PE-A
Comodo	TrojWare.Win32.Scar.FFM@4lax46
VIPRE	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
McAfee-GW-Edition	New Malware.d
Trapmine	suspicious.low.ml.score
Emsisoft	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc (B)
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
Google	Detected
VBA32	BScope.Backdoor.Poison
ALYac	Gen:Heur.Mint.Zitirez.fmW@bSrzf9giIc
APEX	Malicious
Yandex	Trojan.GenAsa!4v+LkPll1ig
Ikarus	Backdoor.Win32.BsBot
Fortinet	W32/Injector.BS!tr
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Win32/Injector.KRW?

Win32/Injector.KRW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X