Malware

Should I remove “Generic.Servstart.E.CFF202CB”?

Malware Removal

The Generic.Servstart.E.CFF202CB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Generic.Servstart.E.CFF202CB virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the Nitol malware family
  • Creates a copy of itself
  • Anomalous binary characteristics

How to determine Generic.Servstart.E.CFF202CB?



File Info:

name: E3F70FCCEA3880833150.mlw
path: /opt/CAPEv2/storage/binaries/7d994cfb4705130b83c8cece9a902627784132ba6286c21e6424b7c83479fbd9
crc32: 17CD4EB3
md5: e3f70fccea388083315015383d361c47
sha1: 0bb40745242e2a56d92b5db5a563cfc27c6a1f6c
sha256: 7d994cfb4705130b83c8cece9a902627784132ba6286c21e6424b7c83479fbd9
sha512: d3ce488e979695621c867b18d271ce7428f817b4f06aae7c6c219163b46efc5da627602a5ce4f62b0ee9fa2ccecadc1288789db31ba3abc7cc2b2dcbd9f3d454
ssdeep: 3072:v+CUTBfteO6dNnSJEFIY9pMZbjTVyMjku2yvkqsm5QrYcIummV0ViYDd0Gb:XUTBl6XnSJEFTgZz9jkuxc+eYcIumu0T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D304390196417467E47340B198E6AF3BA6EE6E740B0E6483F3C87E0A59F47E2763164F
sha3_384: a158c5b2344ff4da52fadbf32aee6823881e408b20babe9247e15305b3be63fae930e01d0172c8bc9e7267d11f991b4c
ep_bytes: 558bec6aff68085b400068c897420064
timestamp: 2014-02-15 02:26:38


Version Info:

Comments: 
CompanyName: zhensu
FileDescription: zhensu
FileVersion: 1, 0, 0, 1
InternalName: zhensu
LegalCopyright: 版权所有(C) 2014
LegalTrademarks: 
OriginalFilename: zhensu
PrivateBuild: 
ProductName: zhensu
ProductVersion: 1, 0, 0, 1
SpecialBuild: 
Translation: 0x0804 0x04b0

Generic.Servstart.E.CFF202CB also known as:

LionicHeuristic.File.Generic.00×1!p
MicroWorld-eScanGeneric.Servstart.E.CFF202CB
FireEyeGeneric.mg.e3f70fccea388083
McAfeeArtemis!E3F70FCCEA38
CylanceUnsafe
VIPREGeneric.Servstart.E.CFF202CB
SangforSuspicious.Win32.Save.ins
K7AntiVirusTrojan ( 0054d1101 )
BitDefenderGeneric.Servstart.E.CFF202CB
K7GWTrojan ( 0054d1101 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaGen:NN.ZexaF.34682.lm1@aCHNzZcb
VirITBackdoor.Win32.Generic.FIO
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Farfli.ARB
BaiduWin32.Trojan.Farfli.x
APEXMalicious
ClamAVWin.Trojan.Gh0stRAT-9760859-1
KasperskyTrojan.Win32.Vehidis.qh
NANO-AntivirusTrojan.Win32.Vehidis.ctwwch
CynetMalicious (score: 100)
RisingBackdoor.Farfli!1.A1B3 (CLASSIC)
Ad-AwareGeneric.Servstart.E.CFF202CB
EmsisoftGeneric.Servstart.E.CFF202CB (B)
ComodoTrojWare.Win32.Vehidis.PRF@58x08v
DrWebTrojan.DownLoader9.27029
TrendMicroBKDR_ZEGOST.SM40
Trapminemalicious.high.ml.score
SophosML/PE-A
SentinelOneStatic AI – Malicious PE
JiangminHeur:Backdoor/PcClient
AviraHEUR/AGEN.1205562
MAXmalware (ai score=81)
Antiy-AVLTrojan/Generic.ASMalwS.34D8
MicrosoftTrojan:Win32/Wacatac.B!ml
SUPERAntiSpywareTrojan.Agent/Gen-Vehidis
GDataGeneric.Servstart.E.CFF202CB
GoogleDetected
AhnLab-V3Trojan/Win32.Vehidis.R94642
VBA32BScope.Trojan.SvcHorse.01643
ALYacGeneric.Servstart.E.CFF202CB
MalwarebytesMalware.Heuristic.1004
PandaGeneric Malware
TrendMicro-HouseCallBKDR_ZEGOST.SM40
TencentWin32.Trojan.Vehidis.Aujl
YandexTrojan.Vehidis!L4DSvUSK3M8
IkarusBackdoor.Win32.Inject
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Farfli.ARU!tr
AVGWin32:Evo-gen [Trj]
Cybereasonmalicious.cea388
AvastWin32:Evo-gen [Trj]

How to remove Generic.Servstart.E.CFF202CB?

Generic.Servstart.E.CFF202CB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment