Generic.OrcusRAT.A.29F3E0AA removal

The Generic.OrcusRAT.A.29F3E0AA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Generic.OrcusRAT.A.29F3E0AA virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the OrcusRAT malware family
Binary file triggered YARA rule

How to determine Generic.OrcusRAT.A.29F3E0AA?


File Info:
name: A799040CFC26714B6539.mlw
path: /opt/CAPEv2/storage/binaries/4d37adf0c3bdb82bca83335523ff532318e6b99a3c6feabbdd117bcf41d23b79
crc32: E59BAE79
md5: a799040cfc26714b653950f418cc3359
sha1: 3c944bf11d495c0cd7bee4e8dbc9515bea44b94c
sha256: 4d37adf0c3bdb82bca83335523ff532318e6b99a3c6feabbdd117bcf41d23b79
sha512: 591c5537397a2f8e93cd16911ef94fd7adaf682851f1d21dc8e39d7b43dbdf661ed0c441fd11ec620d55dff4dcdf9c110d3c162b4f0cee080a3f7178122a50c6
ssdeep: 49152:Cs7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpau/nRFfjI7L0qb:CsHTPJg8z1mKnypSbRxo9JCm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140E512013BACBD46D0BE2AB8B6B719C807B5EA029682FF4F0D90519D0D9F742BD15367
sha3_384: fe996a356ebb1edeadd8349372ab6afcc277d142b38603c54712428eec883ebf538044fe6f941f762f928e25c5a7f3be
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-07-07 14:52:02

Version Info:
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: 
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
Translation: 0x0000 0x04b0

Generic.OrcusRAT.A.29F3E0AA also known as:

Bkav	W32.AIDetectMalware.CS
AVG	Win32:CrypterX-gen [Trj]
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.OrcusRAT.A.29F3E0AA
FireEye	Generic.mg.a799040cfc26714b
Skyhigh	BehavesLike.Win32.Generic.vc
McAfee	GenericRXWC-TE!A799040CFC26
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.Orcusrat.Win32.3111
Sangfor	Virus.Win32.Save.a
VirIT	Trojan.Win32.MSIL_Heur.B
Symantec	Trojan.Sorcurat
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Orcusrat.D
APEX	Malicious
Avast	Win32:CrypterX-gen [Trj]
ClamAV	Win.Packed.Generic-9805849-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Generic.OrcusRAT.A.29F3E0AA
Tencent	Malware.Win32.Gencirc.11b9a16e
Emsisoft	Generic.OrcusRAT.A.29F3E0AA (B)
F-Secure	Trojan.TR/Orcusrat.ocnbp
DrWeb	Trojan.InjectNET.44
VIPRE	Generic.OrcusRAT.A.29F3E0AA
TrendMicro	BKDR_ORCUSRAT.SM
Sophos	Troj/OrcusRAT-A
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.hraje
Varist	W32/MSIL_Troj.C.gen!Eldorado
Avira	TR/Orcusrat.ocnbp
MAX	malware (ai score=89)
Antiy-AVL	Trojan[Spy]/Win32.Agent.foqx
Microsoft	Backdoor:MSIL/Orcus.A!bit
Arcabit	Generic.OrcusRAT.A.29F3E0AA
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
GData	MSIL.Backdoor.Quasar.D
Google	Detected
AhnLab-V3	Win-Trojan/OrcusRAT.Exp
BitDefenderTheta	Gen:NN.ZemsilF.36804.!o0@aWYX2c
VBA32	Trojan.MSIL.InfoStealer.gen
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	BKDR_ORCUSRAT.SM
Rising	Backdoor.Orcus!1.BABC (CLASSIC)
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.ASJ!tr
DeepInstinct	MALICIOUS
alibabacloud	Backdoor:MSIL/Orcus.rguvg

How to remove Generic.OrcusRAT.A.29F3E0AA?

Generic.OrcusRAT.A.29F3E0AA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X