Worm

Worm:Win32/Kelvir.HM malicious file

Malware Removal

The Worm:Win32/Kelvir.HM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Worm:Win32/Kelvir.HM virus can do?

  • Executable code extraction
  • Creates a hidden or system file
  • Anomalous binary characteristics

How to determine Worm:Win32/Kelvir.HM?


File Info:

crc32: 18AC43C9
md5: 5c0dc6b397e0cdbe64913a829a559669
name: 5C0DC6B397E0CDBE64913A829A559669.mlw
sha1: f850dad71b3371a7af8777743854c57a83999a9e
sha256: 8933e1563a7481debc7e1f09509e774c26824fd357612d756c6d2d36648c04b3
sha512: 9887761306bf1518cff23b0066cb321b0fa2503f32b9f0c9c96233f2dab87e5349b6d1e942023560d968d7b79b1019cc6b59298784b96afa927ff5a9f42d4dc9
ssdeep: 768:rxecjS3NV4hM0Tef/Or+wC6F1BL0Usharp6Xn22bnV/2AMg0VYAQNtNK4Oeepsz:rPjINV4hC/+5BFzL0UshENNTP0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
ProductVersion: 1.00
InternalName: sequence
FileVersion: 1.00
OriginalFilename: sequence.exe
ProductName: Project1

Worm:Win32/Kelvir.HM also known as:

K7AntiVirusTrojan ( 0055e39b1 )
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
ALYacTrojan.GenericKD.32060898
CylanceUnsafe
ZillyaTrojan.Blocker.Win32.39940
SangforTrojan.Win32.Save.a
K7GWTrojan ( 0055e39b1 )
Cybereasonmalicious.397e0c
SymantecML.Attribute.HighConfidence
ESET-NOD32Win32/AutoRun.VB.BKE
APEXMalicious
AvastWin32:VB-LHE [Drp]
KasperskyTrojan-Ransom.Win32.PolyRansom.qgw
BitDefenderTrojan.GenericKD.32060898
NANO-AntivirusTrojan.Win32.VB.trang
MicroWorld-eScanTrojan.GenericKD.32060898
TencentMalware.Win32.Gencirc.114b68df
Ad-AwareTrojan.GenericKD.32060898
SophosML/PE-A + Mal/Emogen-H
ComodoTrojWare.Win32.Pasta.SAB@3903zl
BitDefenderThetaGen:NN.ZevbaF.34670.em0@aCtJcmfi
VIPRETrojan.Win32.Generic!SB.0
TrendMicroTROJ_FRS.0NA103C519
McAfee-GW-EditionBehavesLike.Win32.Virus.kt
FireEyeGeneric.mg.5c0dc6b397e0cdbe
EmsisoftTrojan.GenericKD.32060898 (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojan.Blocker.aeo
WebrootW32.Malware.Gen
AviraTR/VB.Downloader.Gen
eGambitUnsafe.AI_Score_97%
KingsoftWin32.Heur.KVM006.a.(kcloud)
MicrosoftWorm:Win32/Kelvir.HM
GDataTrojan.GenericKD.32060898
AhnLab-V3Trojan/Win32.Agent.R66584
McAfeeArtemis!5C0DC6B397E0
MAXmalware (ai score=83)
VBA32Malware-Cryptor.VB.gen.1
MalwarebytesWorm.AutoRun
PandaTrj/GdSda.A
TrendMicro-HouseCallTROJ_FRS.0NA103C519
RisingTrojan.Win32.Generic.13C3A01D (C64:YzY0OldRUAeB6hCJ)
YandexTrojan.GenAsa!/uG7xeUrueA
IkarusTrojan.Win32.Spy
FortinetW32/Emogen.H
AVGWin32:VB-LHE [Drp]
Paloaltogeneric.ml
Qihoo-360Win32/Ransom.PolyRansom.HwMAxX8A

How to remove Worm:Win32/Kelvir.HM?

Worm:Win32/Kelvir.HM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment