FileRepMetagen [Malware] is the generic detection name that Avast and AVG assign to a file flagged by their file-reputation heuristics rather than by a signature for a specific family. For the sample analysed on this page (2020.exe), most other engines classify it as an MSIL (.NET) password stealer, and several name the AgentTesla family. While this infection is active, you may notice unwanted processes in the Task Manager list. In this case it is advised to scan your computer with GridinSoft Anti-Malware.
What can FileRepMetagen [Malware] do?
- Executable code extraction
- Creates RWX memory
- A process attempted to delay the analysis task.
- A process created a hidden window
- Attempts to remove evidence of file being downloaded from the Internet
- Deletes its original binary from disk
- Sniffs keystrokes
- Attempts to repeatedly call a single API many times in order to delay analysis time
- Steals private information from local Internet browsers
- Installs itself for autorun at Windows startup
- Creates a hidden or system file
- Checks the CPU name from registry, possibly for anti-virtualization
- Creates a copy of itself
- Harvests credentials from local FTP client software
- Harvests information related to installed mail clients
- The sample wrote data to the system hosts file.
- Collects information to fingerprint the system
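The behaviours above are sandbox signatures; the one that leaves the most durable trace on a victim machine is the write to the system hosts file, which password stealers typically use to sinkhole vendor or update domains. The following is an added example, not code from the page or from GridinSoft, that parses hosts-file text and flags every mapping beyond the Windows defaults (the stock Windows hosts file contains only comments). The sample hosts content is constructed for the demonstration; the domain names in it are placeholders.

```python
"""Flag hosts-file entries beyond the Windows defaults (added example)."""
import ipaddress

# Addresses that, when a name is mapped to them, effectively block that name.
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample hosts file: two default comment lines, one harmless
# localhost mapping, one sinkholed vendor host, one redirected banking host.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1 localhost
0.0.0.0 update.example-av.test   # constructed: vendor update host sinkholed
198.51.100.7 www.bank.example    # constructed: name redirected to a remote IP
"""


def parse_hosts(text):
    """Return (line_number, address, hostname) for every active mapping.

    Comments are stripped the way Windows does it (everything after '#'),
    and lines whose first token is not an IP address are ignored.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for host in parts[1:]:
            entries.append((lineno, str(addr), host.lower()))
    return entries


def suspicious_entries(text, allow=("localhost",)):
    """Classify every non-allowlisted mapping as a sinkhole or a redirect."""
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if host in allow:
            continue
        if addr in LOCAL_ADDRS:
            findings.append((lineno, addr, host, "sinkholed to local address"))
        else:
            findings.append((lineno, addr, host, "redirected to remote address"))
    return findings


if __name__ == "__main__":
    # On a live Windows host, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

The allowlist is deliberately tiny: on a default Windows install anything other than a `localhost` mapping is worth a second look, and a mapping to `0.0.0.0` or `127.0.0.1` of a security vendor or update domain is the classic tamper pattern.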
How to identify FileRepMetagen [Malware]?
General:
Operating System: Windows 7 / 8 / 8.1 / 10
Virus Name: DeepScan:Generic.MSIL.PasswordStealerD.2B35556A (B)
File Info:
Name: 2020.exe
Size: 327680 bytes
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 89cfd747c8f05f8bacbbad3196662377
SHA1: 2f031bf08ff5752675e85e65bb96f1de77142a4d
SHA256: c65fca681836bfa3a15a88e1d0bd1efba388b8d7055ca61d67d756854578edf7
Version Info:
[No Data]
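The file name 2020.exe is not a reliable indicator (the dropper can be renamed freely), so identification should rest on the hashes and on the file type. The following is an added example, not code from the page or from GridinSoft, that compares a file's MD5, SHA1 and SHA256 against the indicators listed above and parses the PE headers to confirm the "PE32 ... Mono/.Net assembly" type by checking the CLR runtime header data directory. The `build_minimal_pe32` helper constructs a synthetic, header-only PE32 so the check can be demonstrated offline; it is not the malware sample.

```python
"""Identify a sample by hash and confirm it is a .NET PE32 (added example)."""
import hashlib
import struct

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "89cfd747c8f05f8bacbbad3196662377",
    "sha1": "2f031bf08ff5752675e85e65bb96f1de77142a4d",
    "sha256": "c65fca681836bfa3a15a88e1d0bd1efba388b8d7055ca61d67d756854578edf7",
}

PE32_MAGIC = 0x10B          # PE32 (32-bit); PE32+ would be 0x20B
CLR_HEADER_DIRECTORY = 14   # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def hash_file_bytes(data):
    """Return the three digests the page lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_known_sample(data, known=KNOWN_HASHES):
    """True only if every listed digest matches; one mismatch means a different file."""
    digests = hash_file_bytes(data)
    return all(digests[k] == v.lower() for k, v in known.items())


def is_dotnet_pe32(data):
    """Walk MZ -> PE -> optional header and test data directory 14 (CLR header).

    A managed (.NET / Mono) PE32 has a non-zero RVA and size there; native
    PE32 files leave it empty. PE32+ and non-PE input return False.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    opt_off = e_lfanew + 4 + 20             # skip signature and COFF header
    if len(data) < opt_off + 96:
        return False
    if struct.unpack_from("<H", data, opt_off)[0] != PE32_MAGIC:
        return False
    num_dirs = struct.unpack_from("<I", data, opt_off + 92)[0]
    if num_dirs <= CLR_HEADER_DIRECTORY:
        return False
    dir_off = opt_off + 96 + CLR_HEADER_DIRECTORY * 8
    if len(data) < dir_off + 8:
        return False
    rva, size = struct.unpack_from("<II", data, dir_off)
    return rva != 0 and size != 0


def build_minimal_pe32(dotnet):
    """Constructed synthetic PE32 header (no sections); for demonstration only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                      # 96 bytes + 16 dirs
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + CLR_HEADER_DIRECTORY * 8, 0x2008, 0x48)
    return bytes(dos) + coff + bytes(opt)


def identify(path):
    """Read a file from disk and report hash match and .NET PE32 status."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data),
            "known_sample": matches_known_sample(data),
            "dotnet_pe32": is_dotnet_pe32(data),
            **hash_file_bytes(data)}


if __name__ == "__main__":
    print(identify.__doc__)
    print("synthetic .NET header:", is_dotnet_pe32(build_minimal_pe32(True)))
```

Match on all three hashes rather than MD5 alone; the AV names on this page that embed a hash fragment (for example the FireEye and McAfee entries) use MD5, which is fine for lookup but not for asserting identity.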
FileRepMetagen [Malware] is also known by the following detection names:
Engine | Detection name
--- | ---
ALYac | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
APEX | Malicious
AVG | FileRepMetagen [Malware]
Ad-Aware | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
AegisLab | Trojan.Win32.DeepScan.4!c
AhnLab-V3 | Trojan/Win32.AgentTesla.C3450450
Alibaba | TrojanPSW:MSIL/Agensla.2a4bdd4f
Antiy-AVL | Trojan/Win32.Wacatac
Arcabit | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Avast | FileRepMetagen [Malware]
Avira | TR/Dropper.Gen
BitDefender | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
BitDefenderTheta | AI:Packer.0B9C437920
CAT-QuickHeal | Trojan.Wacatac
CrowdStrike | win/malicious_confidence_100% (W)
Cybereason | malicious.7c8f05
Cylance | Unsafe
Cyren | W32/Trojan.RINM-1129
ESET-NOD32 | a variant of MSIL/Spy.Agent.AES
Emsisoft | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A (B)
Endgame | malicious (high confidence)
F-Prot | W32/MSIL_Troj.RC.gen!Eldorado
F-Secure | Trojan.TR/Dropper.Gen
FireEye | Generic.mg.89cfd747c8f05f8b
Fortinet | MSIL/Agent.AES!tr.spy
GData | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Ikarus | Trojan.MSIL.Spy
Invincea | heuristic
K7AntiVirus | Spyware ( 004bf53c1 )
K7GW | Spyware ( 004bf53c1 )
Kaspersky | HEUR:Trojan-PSW.MSIL.Agensla.gen
MAX | malware (ai score=100)
Malwarebytes | Spyware.AgentTesla.MSIL
MaxSecure | Trojan.Malware.300983.susgen
McAfee | GenericRXII-SF!89CFD747C8F0
McAfee-GW-Edition | BehavesLike.Win32.Generic.fh
MicroWorld-eScan | DeepScan:Generic.MSIL.PasswordStealerD.2B35556A
Microsoft | Backdoor:MSIL/Remcos!MTB
NANO-Antivirus | Trojan.Win32.Mlw.gfscwh
Paloalto | generic.ml
Panda | Trj/GdSda.A
Qihoo-360 | Win32/Trojan.PWS.d75
Rising | Spyware.AgentTesla!1.B864 (CLASSIC)
SentinelOne | DFI – Malicious PE
Sophos | Mal/Generic-S
Symantec | Trojan.Gen.MBT
Trapmine | malicious.moderate.ml.score
TrendMicro | TROJ_GEN.R002C0PK419
TrendMicro-HouseCall | TROJ_GEN.R002C0PK419
VIPRE | Trojan.Win32.Generic!BT
Webroot | W32.Trojan.Gen
Zillya | Trojan.Agent.Win32.1167353
ZoneAlarm | HEUR:Trojan-PSW.MSIL.Agensla.gen
eGambit | Unsafe.AI_Score_99%
How to remove FileRepMetagen [Malware]?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a "Standard scan".
- "Move to quarantine" all items.
- Open the "Tools" tab and press "Reset Browser Settings".
- Select the proper browser and options, then click "Reset".
- Restart your computer.