
How to remove “Generic.MSIL.PasswordStealerA.149C6513”?

Generic.MSIL.PasswordStealerA.149C6513 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.PasswordStealerA.149C6513 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Generic.MSIL.PasswordStealerA.149C6513?


File Info:

crc32: B2D488AD
md5: b94b04d66604ea35eede65a32747e3a8
name: win642.exe
sha1: fce49f97aa355f1a0ccbcaddf24e1bdf09832f73
sha256: 2c2c579ffd9f4a247ef88d8bb8542b95bf675b610fd92715abe6c9af634cbbb3
sha512: 34f71f19aa9c83ab3af795637d1b5cf95515a498144d120b31f4f92bf3bffe88838f2d8e42d1b044e1694de9b2489d74664c6017988a8ded3ec0748b662652d7
ssdeep: 12288:Sy50ed4DkhUo2y27dG1lFlWcYT70pxnnaaoawolBa2LeyVtrZNrI0AilFEvxHvB:bzA4MROxnFZay3rZlI0AilFEvxHiQ3
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: © Microsoft Corporation. Reservados todos los derechos.
Assembly Version: 1.0.0.0
InternalName: explorer
FileVersion: 6.1.7601.0
CompanyName: Microsoft Corporation
LegalTrademarks:
Comments:
ProductName: Sistema operativo Microsoft® Windows®
ProductVersion: 6.1.7601.0
FileDescription: Explorador de Windows
OriginalFilename: Orcus.exe

Generic.MSIL.PasswordStealerA.149C6513 also known as:

DrWeb Trojan.DownLoader24.65022
MicroWorld-eScan Generic.MSIL.PasswordStealerA.149C6513
FireEye Generic.mg.b94b04d66604ea35
CAT-QuickHeal Trojan.MsilFC.S6051223
Qihoo-360 Generic/Trojan.daa
ALYac Generic.MSIL.PasswordStealerA.149C6513
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.MSIL.Fsysna.4!c
K7AntiVirus Trojan ( 005011a81 )
BitDefender Generic.MSIL.PasswordStealerA.149C6513
K7GW Trojan ( 005011a81 )
Cybereason malicious.66604e
TrendMicro BKDR_ORCUSRAT.SM
BitDefenderTheta Gen:NN.ZemsilF.34104.7m0@a4jt44p
Cyren W32/MSIL_Injector.KK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Packed.Razy-6847895-0
GData MSIL.Backdoor.Orcus.A
Kaspersky HEUR:Trojan.MSIL.Fsysna.gen
Alibaba Backdoor:MSIL/Orcus.e3b0b4f9
Rising Backdoor.Orcus!1.B603 (CLOUD)
Ad-Aware Generic.MSIL.PasswordStealerA.149C6513
Sophos Troj/Orcusrot-A
F-Secure Backdoor.BDS/Orcus.wibti
Invincea heuristic
McAfee-GW-Edition BackDoor-FDJE!B94B04D66604
Emsisoft Generic.MSIL.PasswordStealerA.149C6513 (B)
Ikarus Trojan.MSIL.Agent
F-Prot W32/MSIL_Injector.KK.gen!Eldorado
Jiangmin Trojan.Generic.awmpo
Webroot W32.Trojan.MSIL.Fsysna
Avira BDS/Orcus.wibti
MAX malware (ai score=83)
Antiy-AVL Trojan[Spy]/MSIL.AGeneric
Endgame malicious (high confidence)
Arcabit Generic.MSIL.PasswordStealerA.149C6513
ZoneAlarm HEUR:Trojan.MSIL.Fsysna.gen
Microsoft Backdoor:MSIL/Orcus.A!bit
AhnLab-V3 Win-Trojan/OrcusRAT.Exp
McAfee BackDoor-FDJE!B94B04D66604
Malwarebytes Backdoor.Orcus
Panda Trj/CI.A
Zoner Trojan.Win32.75536
ESET-NOD32 a variant of MSIL/Orcusrat.D
TrendMicro-HouseCall BKDR_ORCUSRAT.SM
Tencent Msil.Trojan.Fsysna.Pfjf
SentinelOne DFI – Malicious PE
eGambit Unsafe.AI_Score_97%
Fortinet MSIL/Generic.AP.F529E!tr
AVG Win32:CrypterX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)

How to remove Generic.MSIL.PasswordStealerA.149C6513?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Apply “Move to quarantine” to all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
