By name, win32:malware-gen attacks Microsoft Windows. It has been reported frequently by anti-virus programs, especially Avast. Belonging to Trojan Horse, Win32:malware-gen is adept at opening backdoor and recording stored information. Usually, victims do not find the clue to where win32:malware-gen comes from due to the elusive dissemination routine it applies:
Win32:Malware-gen can be traced back in 2010 and the efficient removal way has always been pertained to manual method when quarantine is the best that most security utilities can do. As a matter of fact, some items that are recognized by system as legit are utilized by win32:Malware-gen to support its operation, making it possible to stay on a target machine that is protected by anti-virus programs without being removed automatically and permanently.
When win32:malware-gen succeeds in settling down on a machine, drivers are numerated to be overwritten with vicious codes so that system processes will be affected subsequently and Database will be modified without disturbance. In such case, svchost.exe and the like will be scanned by win32:malware-gen, which results in information collection. Other legit items like autorun.inf and desktop.ini are also being generated and utilized by win32:malware-gen to help reclaim all vicious components on the occurrence of incomplete removal.
All these give rise to backdoor invisible to victims, serving to upload collected information for its attacker to generate revenue by reselling it and download more vicious code to help with additional infiltration for commission. Such backdoor can be dangerous, not because it alleviates additional installation of infections, but because unsolicited access can be made possible, which would make the target machine one of puppet machines to distribute police virus without knowledge and permission.
After learning the malicious features of win32:malware-gen, VilmaTech Online Support believes that the removal is realized to be in desperate need. Below is the latest instruction to remove win32:malware-gen according to the improvement that the Trojan has made to maintain alive on the Internet. All vicious items should be removed so that success can be guaranteed. If you don’t know which legit items should be removed due to deficient computer knowledge, you are welcome to get professional help from one of specialized technicians at Global PC Support Center.
One – Access Database to Modify Regedit and remove some generated vicious items.
HKEY_CLASSES_ROOTWindowFiles\Check_Associations
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetINTEXPLORE.pif\ToP
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\[random numbers and letters]
HKEY_CLASSES_ROOTCLSID{random numbers} shellOpenHomePageCommand.
HKEY_CURRENT_USERSoftwareVB\Check_Associations
Two – Unveil all hidden items and remove vicious items.
tip: since all hidden files are hidden, one should use extra prudence when carry out the steps since any mistake may incur unexpected mechanical problem.
Windows 8
Windows 7/XP/Vista
1. Navigate to the following directory to find and delete every files and folders named after win32:Malware-gen.
- C:\windows\winstart.bat
- C:\windows\wininit.ini
- C:\windows\Autoexec.bat
2. Navigate to c:\windows\System32 and remove any item created on the day win32:malware-gen detected.
3. Remove all temp folders under System32.
4. Scan for win32:malware-gen with anti-virus prorgam to pinpoint the disk where it exists and use cmd line afterward to help remove all the desktop.ini file there.
- Bring up a run box with Win key and R key and type “cmd.exe”.
- Hit Enter key to get a flashing slash or line.
- Type “/s” there and hit enter key to remove all desktop.ini files located in the place where win32:malware-gen settles down.
Three – Run full scan with reputable anti-virus program again, try to remove any possible items.
Summary
Win32:Malware-gen is categorized as a Trojan Horse that is good at affecting legit items and helping with long-lasting settlement. Due to the ability to collect information, win32:malware-gen manages to fake vivid programs to trap for download and infiltrate a system without knowledge. Manual removal method is always recommended when removing win32:malware-gen due to the fact that anti-virus programs do not deal with items that are considered to be legit by Windows. However, certain level of computer skills are required to carry out the manual removal since mistaken removal may trigger mechanical problems. If win32:malware-gen worries you much and overwhelms you or if additional problems are hindering successful removal, it is advisable to contact VilmaTech Online Support and get on-demand assistance right away.
