Win32:Malware-gen

Posted: July 5, 2010
Threat Metric
  Threat Level: 10/10
  Infected PCs: 31,225

Win32:Malware-gen Description

Win32 Malware.Gen is a generic term used to describe potentially dangerous software applications targeting 32-bit Windows PC systems. The detection came into view after multiple antivirus programs ran heuristic analysis of a file's structure and behavior and spotted worryingly close similarities with other known forms of malicious software.

Many Threats Under One Guise

Although Win32 Malware.Gen currently resides under various names (see the list below) in dozens of AV databases, security researchers are still reluctant to go into detail about the threat's real purpose. That does not mean Win32 Malware.Gen is devoid of any suspicious command lines and instructions. There are plenty of them hard-coded within Win32 Malware.Gen. However, what they represent is nothing but a hodgepodge of features generally found in several different types of malware. While some of them are typical of Trojans, others may relate to worms, still others – to spyware and ransomware. When left unattended, these potentially malicious commands could perform some nasty actions, including, but not limited to:

  • Executing a Trojan / Ransomware payload
  • Replicating a virus
  • Distributing a worm
  • Overwriting and deleting files
  • Shielding the existence of a suspicious file once it has landed on the targeted PC system

Depending on the circumstances, Win32 Malware.Gen may prove capable of triggering one or more of the activities mentioned above without prior notice. As a result, a targeted user may experience a wide array of unexpected 'visitors' on his/her machine – personal data keyloggers, remote access tools, persistent pop-up advertisements, and so on. If this were not enough, individual reports have revealed that the Win32 Malware.Gen detection may sometimes be raised against an executable that is, in fact, completely harmless, i.e. a so-called false positive.

A Myriad of Entry Points

Since Win32 Malware.Gen is capable of infecting target PCs with more than one type of malware, it may penetrate a computer system using more than one technique. The infection vectors used by Win32 Malware.Gen range from unsolicited email and malvertising on the Web to network distribution and fake AV software updates. It is this multi-pronged attack that may turn this otherwise vague threat into one that could have dire consequences for each infected system. In the best-case scenario, victims may end up bombarded with constant false positives, while in the worst case – with stolen passwords and compromised bank (and other) accounts. Dragging the PC into a remote-controlled Distributed Denial-of-Service (DDoS) attack is a real possibility, too.

Recommended Course of Action

Files detected under one of the names listed below should always be regarded with suspicion. Depending on the antimalware solution you use, you are likely to see a Win32 Malware.Gen infection under a slightly different detection name:

  • VCS/Environment.DigitalFN
  • Virus.Win32.Xpaj.1!O
  • HEUR:Trojan.Win32.Generic
  • Win32.TRBHO.Dl
  • TROJ_GEN.R42C3AR
  • Agent2.CBME
  • Trojan.Generic.5408453
  • Trojan.BHO!IK
  • W32/BHO.AQ!tr
  • TrojanDownloader:Win32/Regonid.A

While the detection names above are all associated with a Trojan-spreading variant of Win32 Malware.Gen, there are dozens of others associating it with adware, backdoors, keyloggers, PUPs, rootkits, and worms.

Since a Win32 Malware.Gen infection may trigger many different malware attacks, removing it from the system should be a top priority. While manual removal should do the job most of the time, it depends entirely on shutting down all malicious processes running in system memory and tracking down the right malicious files. Since Win32 Malware.Gen is capable of carrying a different payload every time it lands on a target PC, it is very likely to create separate files each time. Therefore, using a reliable anti-malware solution with an up-to-date definitions database is of paramount importance, and there is practically no way around that.

Aliases

  • PE:Trojan.Win32.Generic.13E8CDB3!334024115
  • VCS/Environment.DigitalFN [Antiy-AVL]
  • Virus.Win32.Xpaj.1!O
  • Agent2.CBME [AVG]
  • W32/BHO.AQ!tr [Fortinet]
  • Trojan.BHO [Ikarus]
  • Trojan.Win32.Generic.12746B63
  • Dropper/Bho.221184 [AhnLab-V3]
  • TrojanDownloader:Win32/Regonid.A [Microsoft]
  • Trojan/win32.agent.gen [Antiy-AVL]
  • TrojanClicker.Agent.epp
  • Mal/BHO-AY [Sophos]
  • Trojan.BHO!IK
  • Trojan.Generic.5408453 [BitDefender]
  • HEUR:Trojan.Win32.Generic [Kaspersky]

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Win32:Malware-gen may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

virustest.exe
  File name: virustest.exe
  Size: 12.34 MB (12345678 bytes)
  MD5: 6046eabb1adc975efb724b492982b376
  Detection count: 53
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
  Last Updated: April 13, 2011

%WINDIR%\system32\SMcoc.exe
  File name: SMcoc.exe
  Size: 8.19 KB (8192 bytes)
  MD5: b7114bd26cadc3c9db1fe918165cfbe8
  Detection count: 15
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
  Last Updated: July 9, 2013

%PROGRAMFILES%\rnamfler\radprcmp.exe
  File name: radprcmp.exe
  Size: 172.03 KB (172032 bytes)
  MD5: 4932be5378ceaae3e63e8ebe1ad2c855
  Detection count: 5
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
  Last Updated: July 30, 2013

%APPDATA%\sistem\svchost.exe
  File name: svchost.exe
  Size: 429.07 KB (429078 bytes)
  MD5: d306de53ce9a97060e4f686566c40bc6
  Detection count: 5
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
  Last Updated: September 24, 2014
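The file indicators above are only useful if they are matched carefully: the page itself warns that this generic detection produces false positives, and a name like svchost.exe also belongs to a legitimate Windows binary. The following Python script is an added example, not code from the page's author or from SpyHunter. It takes the four file indicators listed above (paths, sizes and MD5 hashes copied from the page), expands the %WINDIR%, %PROGRAMFILES% and %APPDATA% placeholders against an assumed set of environment values, and grades a set of constructed host observations: an MD5 match is treated as a confirmed hit regardless of where the file sits, a full-path match is only suspicious, and a bare file-name match is deliberately not a hit at all.

```python
"""Grade host file observations against the Win32:Malware-gen file
indicators listed on this page.  Added example; not the page's own code.
Indicator values are copied from the page; environment values and the
observations at the bottom are constructed sample data."""
import hashlib
import ntpath
import re

# Indicators copied from the page's "File System Modifications" list.
# virustest.exe is listed without a path on the page, hence path=None.
FILE_IOCS = [
    {"path": None, "name": "virustest.exe", "size": 12345678,
     "md5": "6046eabb1adc975efb724b492982b376"},
    {"path": r"%WINDIR%\system32\SMcoc.exe", "name": "SMcoc.exe",
     "size": 8192, "md5": "b7114bd26cadc3c9db1fe918165cfbe8"},
    {"path": r"%PROGRAMFILES%\rnamfler\radprcmp.exe", "name": "radprcmp.exe",
     "size": 172032, "md5": "4932be5378ceaae3e63e8ebe1ad2c855"},
    {"path": r"%APPDATA%\sistem\svchost.exe", "name": "svchost.exe",
     "size": 429078, "md5": "d306de53ce9a97060e4f686566c40bc6"},
]

# Assumed (constructed) environment values for one host; on a real
# Windows system these would be read from os.environ instead.
DEFAULT_ENV = {
    "WINDIR": r"C:\Windows",
    "PROGRAMFILES": r"C:\Program Files",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
}


def expand_path(template, env=DEFAULT_ENV):
    """Expand %VAR% placeholders and lower-case the result so that
    comparisons are case-insensitive, as NTFS paths are."""
    def sub(match):
        return env.get(match.group(1).upper(), match.group(0))
    return re.sub(r"%([^%]+)%", sub, template).lower()


def md5_of_bytes(data):
    """MD5 of file content; used only for matching, not for integrity."""
    return hashlib.md5(data).hexdigest()


def match_observation(obs, env=DEFAULT_ENV):
    """obs is a dict with 'path' (full host path), optional 'size' and
    'md5'.  Returns a list of (kind, ioc) tuples, where kind is
    'hash' (content matches, strongest), 'path+size' (location and size
    match) or 'path' (location matches only).  A bare file-name match is
    not reported: the legitimate svchost.exe would otherwise light up."""
    hits = []
    obs_path = obs["path"].lower()
    obs_md5 = obs.get("md5", "").lower()
    for ioc in FILE_IOCS:
        if obs_md5 == ioc["md5"]:
            hits.append(("hash", ioc))
            continue
        if ioc["path"] and obs_path == expand_path(ioc["path"], env):
            kind = "path+size" if obs.get("size") == ioc["size"] else "path"
            hits.append((kind, ioc))
    return hits


def classify(obs, env=DEFAULT_ENV):
    """Collapse the matches into one verdict for a triage queue."""
    kinds = {kind for kind, _ in match_observation(obs, env)}
    if "hash" in kinds:
        return "confirmed"
    if kinds:
        return "suspicious"
    return "clean"


# Constructed observations, as a file-inventory agent might report them.
SAMPLE_OBSERVATIONS = [
    # Renamed copy of SMcoc.exe dropped elsewhere: caught by hash alone.
    {"path": r"D:\temp\update.bin", "size": 8192,
     "md5": "B7114BD26CADC3C9DB1FE918165CFBE8"},
    # Right location and size for the listed svchost.exe, different content.
    {"path": r"C:\Users\alice\AppData\Roaming\sistem\svchost.exe",
     "size": 429078, "md5": "0" * 32},
    # The genuine Windows svchost.exe: same name, wrong place, no hit.
    {"path": r"C:\Windows\System32\svchost.exe", "size": 50000,
     "md5": "1" * 32},
]


def triage(observations=SAMPLE_OBSERVATIONS, env=DEFAULT_ENV):
    """Return {path: verdict} for every observation."""
    return {obs["path"]: classify(obs, env) for obs in observations}


if __name__ == "__main__":
    for path, verdict in triage().items():
        print(f"{verdict:<10} {path}")
```

The point of the three grades is to keep the page's false-positive warning in view: only the hash grade is strong enough to act on automatically, while a path match on a file whose content is unknown should go to an analyst, and name-only matching is omitted entirely because it would flag every copy of svchost.exe on the machine.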

