Worm:Win32/Autorun!mclg removal

Worm:Win32/Autorun!mclg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Autorun!mclg virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Worm:Win32/Autorun!mclg?


File Info:

name: 79EAABE0E9A32C34975F.mlw
path: /opt/CAPEv2/storage/binaries/0af901f2dbccb0f1f64c6450b4947537549f957b763ca75d403e3afcb09fb3bd
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-10-08 13:16:19

Version Info:

Comments: Free Folder Mover
CompanyName: FolderMove.com
FileDescription: FolderMove
FileVersion: 3.0.0
InternalName: FolderMove.exe
LegalCopyright: Copyright © 2022 风之暇想
OriginalFilename: FolderMove.exe
ProductName: FolderMove
ProductVersion: 3.0.0
Assembly Version: 3.0.0.0
Translation: 0x0804 0x03a8

Worm:Win32/Autorun!mclg also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.VMProtect.4!c
MicroWorld-eScan: Gen:Variant.MSILHeracles.28676
Skyhigh: GenericRXQL-ZJ!79EAABE0E9A3
ALYac: Gen:Variant.MSILHeracles.28676
Cylance: unsafe
Sangfor: Trojan.Win32.Packed.V1qe
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Packed:MSIL/VMProtect.1880c29f
K7GW: Trojan ( 7000001c1 )
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Packed.VMProtect.C suspicious
APEX: Malicious
BitDefender: Gen:Variant.MSILHeracles.28676
Avast: Win32:Malware-gen
Sophos: Mal/Generic-S (PUA)
VIPRE: Gen:Variant.MSILHeracles.28676
TrendMicro: TROJ_GEN.R002C0DAA24
Emsisoft: Gen:Variant.MSILHeracles.28676 (B)
SentinelOne: Static AI – Suspicious PE
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: Worm:Win32/Autorun!mclg
Arcabit: Trojan.MSILHeracles.D7004
GData: Gen:Variant.MSILHeracles.28676
AhnLab-V3: Malware/Win32.RL_Generic.C3657658
McAfee: GenericRXQL-ZJ!79EAABE0E9A3
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002C0DAA24
Rising: Worm.Autorun!8.50 (CLOUD)
Ikarus: PUA.MSIL.Vmprotect
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Worm:Win32/Autorun!mclg?

Worm:Win32/Autorun!mclg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab, then press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
