
Generic.Malware.Lco.43C17D18 removal


Generic.Malware.Lco.43C17D18 is flagged as malicious by a large number of antivirus vendors (see the detection list below). When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Generic.Malware.Lco.43C17D18 do?

Behaviour flagged by automated analysis of the sample:

  • Executable code extraction
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that is not found; may want to be run with the startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Sniffs keystrokes
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Generic.Malware.Lco.43C17D18?

File Info:

crc32: C0885DF6
md5: af66a1e65d851cda16e93c1befdf4d7e
name: AF66A1E65D851CDA16E93C1BEFDF4D7E.mlw
sha1: c341486e282883f4dd06e37e1d9fee2d6f3ee588
sha256: 05e24638f9c1abbb8c059015e0dfbe6c9952e3f7815c86cc2d86f1d0c74e2b1e
sha512: bbdf6ea2f7a6f628ef37a7e371dfbf1931c768547a6bd1953839dc508d62903b43d3f90cc3f89740ddf0571cefbac173bb97b7a3068a9b5a15cfab528eb9ed37
ssdeep: 3072:JzA8M9+6FXCUe4v3HYImugK1zsC57mTSDWnJ+RDfWhEmyjcLTkncEhpYuMWHwAqM:JzA7M6FXCZsInugK+CkTSWcpkEtcLAcy
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: 版权所有 (C) 2020 (the four characters were stored as escaped code points x7248x6743x6240x6709; 版权所有 means "All rights reserved")
InternalName: loader
FileVersion: 1, 0, 0, 1
CompanyName: yida
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: yida loader
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: loader
OriginalFilename: loader.dat
Translation: 0x0804 0x04b0
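A practitioner checking a suspect file against the indicators above wants three things: the file's md5/sha1/sha256 compared with the published hashes, a quick test for UPX packing (UPX normally leaves UPX0/UPX1 section names in the PE section table, matching the "UPX compressed" file type shown above), and a search of DNS or proxy logs for the two related domains. The script below is an added example written for this page, not code from the original article or from GridinSoft. It uses only the Python standard library; the hashes and domains are copied from the page, and the PE header it builds for the demonstration is a constructed stand-in with no relation to the real sample.

```python
import hashlib
import re
import struct
from pathlib import Path

# Indicators transcribed from the page's "File Info" and "Related domains" sections.
KNOWN_HASHES = {
    "md5": "af66a1e65d851cda16e93c1befdf4d7e",
    "sha1": "c341486e282883f4dd06e37e1d9fee2d6f3ee588",
    "sha256": "05e24638f9c1abbb8c059015e0dfbe6c9952e3f7815c86cc2d86f1d0c74e2b1e",
}
RELATED_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of a file's bytes, lower-case hex as the page lists them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True if any computed hash equals the hash published for this sample."""
    computed = file_hashes(data)
    return any(computed[alg] == KNOWN_HASHES[alg] for alg in KNOWN_HASHES)


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table, or [] if this is not a PE file.

    Walks MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers by hand,
    so it works on a bare Python install without pefile.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_hdr_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_hdr_size                      # section headers, 40 bytes each
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break                                         # truncated table: stop, don't crash
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX keeps its UPX0/UPX1/UPX2 section names unless the packer was patched."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def domain_hits(log_lines) -> list:
    """(line, domain) pairs for log lines mentioning a related domain or a subdomain of one."""
    hits = []
    for line in log_lines:
        for token in re.findall(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", line):
            dom = token.lower().strip(".")
            if dom in RELATED_DOMAINS or any(dom.endswith("." + d) for d in RELATED_DOMAINS):
                hits.append((line, dom))
    return hits


def triage_file(path) -> dict:
    """Hash one file on disk and report hash match, UPX packing and section names."""
    data = Path(path).read_bytes()
    return {
        "path": str(path),
        "known_sample": matches_known_sample(data),
        "upx_packed": looks_upx_packed(data),
        "sections": pe_section_names(data),
        **file_hashes(data),
    }


def build_fake_pe(section_names) -> bytes:
    """Constructed stand-in for a binary: just enough PE header for pe_section_names()
    to parse. It is not the malware and is not derived from it."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)  # i386, no optional header
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("UPX sections:", looks_upx_packed(sample), pe_section_names(sample))
    print("matches published hashes:", matches_known_sample(sample))
    # Constructed DNS log lines, not captured traffic.
    print(domain_hits(["2020-12-01 10:00:01 query A a.tomx.xyz from 10.0.0.5",
                       "2020-12-01 10:00:02 query A update.microsoft.com from 10.0.0.5"]))
```

Run `triage_file()` over a directory of quarantined or suspicious executables to get the hash comparison and packer check in one pass; a hash match is conclusive, while UPX section names alone are only a hint, since UPX is also used by legitimate software and can be renamed by a modified packer. The ssdeep value on the page can be compared with the `ssdeep` command-line tool if a near-identical variant rather than this exact file is suspected.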

Generic.Malware.Lco.43C17D18 also known as:

Most vendors that assign a family name place this sample in the Farfli (Gh0st RAT) backdoor family; the remaining entries are generic, heuristic or machine-learning verdicts.

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader35.10669
ClamAV: Win.Dropper.Gh0stRAT-9792320-0
McAfee: GenericRXAA-AA!AF66A1E65D85
Cylance: Unsafe
Zillya: Trojan.OnLineGames.Win32.243608
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.CJVZ
APEX: Malicious
Avast: Win32:FileinfectorX-gen [Trj]
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Backdoor.Win32.Farfli.gen
BitDefender: DeepScan:Generic.Malware.Lco.43C17D18
NANO-Antivirus: Trojan.Win32.Farfli.ibdmwi
MicroWorld-eScan: DeepScan:Generic.Malware.Lco.43C17D18
Ad-Aware: DeepScan:Generic.Malware.Lco.43C17D18
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZexaF.34170.lmLfa8N00znj
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.af66a1e65d851cda
Emsisoft: DeepScan:Generic.Malware.Lco.43C17D18 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Farfli.edo
Avira: HEUR/AGEN.1101568
Antiy-AVL: Trojan/Generic.ASMalwS.30FC592
Microsoft: Trojan:Win32/Farfli.DSK!MTB
Arcabit: DeepScan:Generic.Malware.Lco.43C17D18
ZoneAlarm: HEUR:Backdoor.Win32.Farfli.gen
GData: DeepScan:Generic.Malware.Lco.43C17D18
AhnLab-V3: Malware/Win32.Generic.C4222468
VBA32: BScope.Backdoor.Farfli
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.420868432
TrendMicro-HouseCall: TROJ_GEN.R005C0DIS21
Rising: Trojan.Kryptik!1.D32C (CLASSIC)
Yandex: Trojan.GenAsa!GPybLLVgmp4
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Farfli.BNZS!tr
AVG: Win32:FileinfectorX-gen [Trj]
Paloalto: generic.ml

How to remove Generic.Malware.Lco.43C17D18?

Generic.Malware.Lco.43C17D18 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the appropriate browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
