Categories: Rootkit

Should I remove “Dropped:Generic.Rootkit.Gooser.011C73CD”?

Dropped:Generic.Rootkit.Gooser.011C73CD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Dropped:Generic.Rootkit.Gooser.011C73CD virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Dropped:Generic.Rootkit.Gooser.011C73CD?


File Info:

name: 0C5D5F2D0DD70D46E181.mlw
path: /opt/CAPEv2/storage/binaries/4f99354ba9866e65d87fb397d0c7468bb060aa912fa207d4f52f287564ff1e67
crc32: B0139038
md5: 0c5d5f2d0dd70d46e1812e4a25c03864
sha1: accd8d24c30918e2d244bdbd6510f615e39a3dde
sha256: 4f99354ba9866e65d87fb397d0c7468bb060aa912fa207d4f52f287564ff1e67
sha512: f49076c251755e75a5fa34b9474decfbcb27fc4ac33475a8bb3b012a7fab73c0d60a4b0caaba535116648b866ca1bf0b135d3d458486872e8e36ce3acce51433
ssdeep: 768:qpvFrkRmnfYNSxE+WpJhUjkeDRmMK2ftkqt/n4X0Zn5:qjgQfYA2+cJqjvNt+W/1p5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133E2E0027BE650A5F885C2700A61D67FE74DFCA48FB2C7E90E4EDB8E1E6116D19350A3
sha3_384: b4ac8c3720d7eebfa21e1d6cb8d3363efbaa4006a2dfdd3d2651ed46981383015b6fb26febd91ff06f8aeb4cf5ff529b
ep_bytes: 60be00f040008dbe0020ffff5783cdff
timestamp: 2008-12-09 14:13:30

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 1, 0, 0, 1
InternalName:
LegalCopyright: Copyright ? 2008
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0

Dropped:Generic.Rootkit.Gooser.011C73CD also known as:

Lionic Trojan.Win32.Agent.lgJD
MicroWorld-eScan Dropped:Generic.Rootkit.Gooser.011C73CD
ClamAV Win.Downloader.61873-1
FireEye Generic.mg.0c5d5f2d0dd70d46
CAT-QuickHeal Trojan.Dogrobot.J.mue
McAfee GenericRXAA-AA!0C5D5F2D0DD7
Cylance Unsafe
VIPRE Dropped:Generic.Rootkit.Gooser.011C73CD
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0005d28d1 )
Alibaba Backdoor:Win32/Gofot.85df3496
K7GW Trojan ( 0005d28d1 )
Cybereason malicious.d0dd70
Baidu Win32.Trojan.Agent.aao
VirIT Trojan.Win32.Agent3.LFY
Cyren W32/S-5c22485d!Eldorado
Symantec Trojan.Dropper
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.ONB
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Gofot.cyp
BitDefender Dropped:Generic.Rootkit.Gooser.011C73CD
NANO-Antivirus Trojan.Win32.Agent.qbou
Avast FileRepMalware [Trj]
Tencent Win32.Trojan-Downloader.Oader.Oqil
Ad-Aware Dropped:Generic.Rootkit.Gooser.011C73CD
Sophos ML/PE-A + Mal/Behav-009
Comodo TrojWare.Win32.PSW.OnLineGames.~KCT@1hzq0
DrWeb Trojan.DownLoader5.28948
Zillya Trojan.Agent.Win32.25165
TrendMicro TROJ_DLOADR.ERC
McAfee-GW-Edition BehavesLike.Win32.Generic.nc
Trapmine malicious.moderate.ml.score
Emsisoft Dropped:Generic.Rootkit.Gooser.011C73CD (B)
Ikarus Trojan.Win32.AntiAV
GData Dropped:Generic.Rootkit.Gooser.011C73CD
Jiangmin TrojanDownloader.Agent.anuz
Webroot W32.Farfli.Gen
Avira TR/Agent.gnyo
Antiy-AVL Trojan/Generic.ASMalwS.2D
Arcabit Generic.Rootkit.Gooser.011C73CD
ViRobot Trojan.Win32.Agent.33280.AF
Microsoft Trojan:Win32/Skeeyah.A!rfn
Google Detected
AhnLab-V3 Trojan/Win32.Agent.R1326
VBA32 BScope.TrojanDownloader.Agent
ALYac Dropped:Generic.Rootkit.Gooser.011C73CD
MAX malware (ai score=100)
Malwarebytes Malware.Heuristic.1003
TrendMicro-HouseCall TROJ_DLOADR.ERC
Rising Backdoor.Farfli!8.B4 (TFE:5:Aj3Gs30OVH)
Yandex Trojan.GenAsa!Uj8n+CfftEw
SentinelOne Static AI – Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Runner.BV!tr
BitDefenderTheta AI:Packer.98B24AF01F
AVG FileRepMalware [Trj]
Panda Trj/Downloader.UZB
CrowdStrike win/malicious_confidence_70% (W)

How to remove Dropped:Generic.Rootkit.Gooser.011C73CD?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
