
Win32:Malware-gen, Remove Win32:malware-gen Virus Manually and Successfully

Published on January 24, 2014

What Is Win32:malware-gen?

As its name suggests, win32:malware-gen targets Microsoft Windows. It is reported frequently by anti-virus programs, Avast in particular. Classified as a Trojan horse, Win32:malware-gen specializes in opening a backdoor and recording stored information. Victims usually cannot tell where win32:malware-gen came from because of the elusive distribution routes it uses:

  1. Inserting its malicious code into third-party programs, particularly freeware and shareware.
  2. Posing as computer-friendly software, such as counterfeit anti-virus programs, to lure users into downloading win32:malware-gen unwittingly.
  3. Tampering with the Autorun.inf of portable hard drives and similar media so that any system they are connected to is attacked.

Anti-virus Programs Can’t Remove Win32:Malware-gen

Win32:Malware-gen can be traced back to 2010, and the effective way to remove it has always been manual, since quarantine is the best that most security utilities can do. In fact, some items that the system recognizes as legitimate are used by win32:Malware-gen to support its operation, which lets it stay on a target machine that is protected by anti-virus programs without being removed automatically and permanently.

When win32:malware-gen succeeds in settling on a machine, drivers are enumerated and overwritten with malicious code so that system processes are affected and the registry can be modified without interference. In this state, svchost.exe and similar processes are scanned by win32:malware-gen, which results in information collection. Other legitimate items such as autorun.inf and desktop.ini are also generated and used by win32:malware-gen to restore all of its malicious components after an incomplete removal.

All of this gives rise to a backdoor invisible to victims, which serves to upload the collected information so the attacker can generate revenue by reselling it, and to download more malicious code for further infiltration in return for commission. Such a backdoor is dangerous not because it facilitates the installation of additional infections, but because it makes unsolicited access possible, which can turn the target machine into one of many puppet machines distributing the police virus without the owner’s knowledge or permission.

Having learned the malicious features of win32:malware-gen, VilmaTech Online Support believes that its removal is urgently needed. Below is the latest instruction to remove win32:malware-gen, updated for the improvements the Trojan has made to stay alive on the Internet. All malicious items should be removed so that success is guaranteed. If you don’t know which legitimate items should be removed because of insufficient computer knowledge, you are welcome to get professional help from one of the specialized technicians at Global PC Support Center.


Latest Removal Instruction to Remove Win32:malware-gen Virus Manually and Successfully

One – Access the registry with Regedit and remove the generated malicious items.

  • Press the Win key and R key together, type “regedit” in the pop-up box and hit Enter to open the registry editor.
  • Once inside, press Ctrl and F together, type “regedit” in the Find box and hit Enter.
  • There will be a long list of results; scroll through them and carefully find regedit.exe under Windows.
  • Right-click on it, select ‘Modify’ and substitute ‘regedit.exe’ with ‘regedit.com’.
  • When done, it is time to remove the other malicious entries and values:

HKEY_CLASSES_ROOT\WindowFiles\Check_Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\INTEXPLORE.pif\ToP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random numbers and letters]
HKEY_CLASSES_ROOT\CLSID\{random numbers}\shell\OpenHomePage\Command
HKEY_CURRENT_USER\Software\VB\Check_Associations

  • Go back to C:\WINDOWS\regedit.com, which we just changed, and change the extension back to .exe.


Two – Unhide all hidden items and remove the malicious ones.

Tip: since the malicious files are hidden, use extra care when carrying out these steps, as any mistake may cause unexpected system problems.

Windows 8

  • Open Windows Explorer, go to its View tab and tick the boxes next to the ‘File name extensions’ and ‘Hidden items’ options.


Windows 7/XP/Vista

  • Click the Start menu and open Control Panel, then go to Folder Options under ‘User Accounts and Family Safety’; tick the box next to ‘Show hidden files and folders’ and untick the box next to ‘Hide protected operating system files (Recommended)’.

1. Navigate to the following locations to find and delete every file and folder named after win32:Malware-gen.

  • C:\windows\winstart.bat
  • C:\windows\wininit.ini
  • C:\windows\Autoexec.bat

2. Navigate to C:\Windows\System32 and remove any item created on the day win32:malware-gen was detected.

3. Remove all temp folders under System32.

4. Scan for win32:malware-gen with an anti-virus program to pinpoint the disk where it resides, then use the command line to remove all the desktop.ini files there.

  • Bring up a Run box with the Win key and R key and type “cmd.exe”.
  • Hit Enter to get a blinking cursor.
  • Type “/s” there and hit Enter to remove all desktop.ini files in the location where win32:malware-gen has settled.


Three – Run a full scan with a reputable anti-virus program again and remove any remaining items.
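A read-only triage script for the persistence points the steps above ask you to clean by hand, added here as an example and not part of the original post. $DetectionDate and $SuspectDrive are placeholders for the machine at hand, and it assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added triage script, not part of the original VilmaTech post. It inventories the
# persistence points the removal steps name (Run-key autostarts, files dropped into
# System32 on the detection day, desktop.ini and autorun.inf on the drive the scan
# pointed at) so each can be reviewed before anything is deleted.
# Read-only: nothing is removed or modified. Assumes Windows PowerShell 3.0+ in an
# elevated session; $DetectionDate and $SuspectDrive are placeholders for your case.
param(
    [datetime]$DetectionDate = (Get-Date).Date,
    [string]$SuspectDrive = 'E:\'
)

# 1. Run-key autostarts. The post says the Trojan registers under a random-looking
#    value name; entries whose target executable no longer exists are also flagged.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not a registry value
        $val = [string]$p.Value
        $randomName = ($p.Name -match '^[A-Za-z0-9]{8,}$') -and ($p.Name -match '\d') -and ($p.Name -match '[A-Za-z]')
        # Recover the executable path: the quoted path, or everything up to the first space.
        $exe = if ($val -match '^"([^"]+)"') { $Matches[1] } else { ($val -split ' ')[0] }
        $flags = @()
        if ($randomName) { $flags += 'random-name' }
        if ($exe -and -not (Test-Path -LiteralPath $exe)) { $flags += 'target-missing' }
        [pscustomobject]@{ Check = 'RunKey'; Location = "$key\$($p.Name)"; Detail = $val; Flag = ($flags -join ',') }
    }
}

# 2. Files created in System32 on the detection day (step Two.2). Look at unsigned ones first.
Get-ChildItem -Path "$env:SystemRoot\System32" -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime.Date -eq $DetectionDate.Date } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{ Check = 'System32NewFile'; Location = $_.FullName; Detail = $_.CreationTime; Flag = $sig.Status }
    }

# 3. desktop.ini and autorun.inf on the suspect drive (step Two.4 and the Autorun.inf
#    propagation described earlier). A legitimate desktop.ini only names icons and display
#    strings; one that references or launches an executable is what the post describes.
Get-ChildItem -Path $SuspectDrive -Recurse -Force -Include desktop.ini, autorun.inf -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
        $launch = $text -match '(?im)^\s*(open|shellexecute|shell\\\w+\\command)\s*=|\.(exe|com|bat|pif)\b'
        $flag = if ($launch) { 'references-executable' } else { '' }
        [pscustomobject]@{ Check = 'IniFile'; Location = $_.FullName; Detail = $_.Attributes; Flag = $flag }
    }
```

Pipe the output to Format-Table -AutoSize or Export-Csv and review the flagged rows before deleting anything; legitimate desktop.ini files are common, so the Flag column is a hint for review, not a verdict.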


Summary

Win32:Malware-gen is categorized as a Trojan horse that is good at affecting legitimate items to establish a long-lasting foothold. Thanks to its ability to collect information, win32:malware-gen manages to impersonate convincing programs to trap users into downloading it and infiltrates a system without their knowledge. Manual removal is always recommended for win32:malware-gen, because anti-virus programs do not deal with items that Windows considers legitimate. However, a certain level of computer skill is required to carry out the manual removal, since removing the wrong item may cause system problems. If win32:malware-gen worries or overwhelms you, or if additional problems are hindering successful removal, it is advisable to contact VilmaTech Online Support and get on-demand assistance right away.