
Win32/MailRu.R potentially unwanted removal instruction

Malware Removal

Win32/MailRu.R is a potentially unwanted application that many security vendors flag as a risk. When it is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/MailRu.R potentially unwanted application do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/MailRu.R potentially unwanted?


File Info:

name: 837D758A1A23DFA2FB7B.mlw
path: /opt/CAPEv2/storage/binaries/91f13714d463b79b315efeeab655063487b53babb57946f5d33e4e7c693e8df5
crc32: C4B1652A
md5: 837d758a1a23dfa2fb7b26aae91b9d8b
sha1: 7fd142ee04364d28221342e424940d86d590bb2c
sha256: 91f13714d463b79b315efeeab655063487b53babb57946f5d33e4e7c693e8df5
sha512: 7b2d32fd8f14fd822e03548340b610ce3e2e4c8f6933301311d868eaed0e77d174cc179898dbce615c11c19c038887cfcd958c85d3ad422ee6cf47341d1b509b
ssdeep: 3072:+5ERKdsNSE8jWf+FnGevgjFA+WzmLpJhJ4RpS:+wB8qonGeoFA0lyp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8047D1136D0C0B1D6B3023609E9AB71A6BDFD714F618B5B77984B4D1EB42C0BA36B63
sha3_384: 1924d49cd220c28dde4f2c23663aaf420e5b5955910e1ac23738e54bff473e4b9dfb6c1ed06c2ff7bde7c1fa66c185d5
ep_bytes: e83c720000e97ffeffff558bec8b4508
timestamp: 2018-04-02 14:25:18

Version Info:

CompanyName: Mail.Ru
FileDescription: Mail.Ru Launcher
FileVersion: 3.15.0.75
InternalName: launcher
LegalCopyright: Copyright 2015
OriginalFilename: launcher.exe
ProductName: Mail.Ru Launcher
ProductVersion: 3.15.0.75
Comments:
Translation: 0x0409 0x04b0

Win32/MailRu.R potentially unwanted also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.74312
FireEye: Generic.mg.837d758a1a23dfa2
CAT-QuickHeal: PUA.LoadmoneyPMF.S19249780
ALYac: Trojan.GenericKDZ.74312
Zillya: Tool.Agent.Win32.26977
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 005170991 )
K7GW: Adware ( 005170991 )
Cybereason: malicious.a1a23d
Cyren: W32/S-2773094c!Eldorado
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/MailRu.R potentially unwanted
APEX: Malicious
ClamAV: Win.Malware.Mailru-6804164-0
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Machaer.gen
BitDefender: Trojan.GenericKDZ.74312
SUPERAntiSpyware: PUP.Downloader/Variant
Avast: Win32:PUP-gen [PUP]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.GenericKDZ.74312
Sophos: Mail.ru Downloader (PUA)
Comodo: Application.Win32.MailRu.M@7oho6u
DrWeb: Trojan.Revizer.1409
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Emsisoft: Application.Downloader (A)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKDZ.74312
Jiangmin: AdWare.Machaer.ad
Avira: APPL/MailRu.B
Antiy-AVL: Trojan/Generic.ASBOL.C4F7
ViRobot: Trojan.Win32.Mailru.Gen.B
Microsoft: PUAAdvertising:Win32/LoadMoney
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.MailRu.R232581
McAfee: PUP-HAI
MAX: malware (ai score=88)
VBA32: BScope.Adware.Machaer
Malwarebytes: RiskWare.Agent
Yandex: Trojan.GenAsa!jAEP24k3Yx8
Ikarus: PUA.MailRu
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/MailRu.M!tr
AVG: Win32:PUP-gen [PUP]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Adware.Adware.Machaer.gen_172020

How to remove Win32/MailRu.R potentially unwanted?

Win32/MailRu.R potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
