Generik.CRSNFVQ removal

Generik.CRSNFVQ is flagged as malicious by many antivirus engines (the detection names are listed further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for virus removal; during the trial period it lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can the Generik.CRSNFVQ virus do?

The following behaviours were flagged when the sample was run in a CAPE sandbox:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a hidden or system file
  • A script or command line contains a long continuous string indicative of obfuscation
  • Attempts to execute suspicious powershell command arguments
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities
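Several of the items above (scripting utility executed, suspicious PowerShell arguments, csc.exe used to build and run code, very long or obfuscated command lines, hidden or system files created via Windows utilities) can be checked on a host from process-creation telemetry. The script below is an added example of that triage logic; it is not code from the original page, from GridinSoft or from CAPE. The event layout (one dict per process start with image, parent and cmdline), the sample events, and the thresholds are all constructed assumptions for illustration.

```python
"""Triage process-creation events for the behaviours listed above.

Added example, not code from the original page or from GridinSoft/CAPE.
The event format (one dict per process start with 'image', 'parent' and
'cmdline' keys) and the sample events below are constructed for illustration;
the thresholds are assumptions to tune per environment, not sandbox values.
"""
import re
from typing import Dict, List

LONG_CMDLINE = 1000   # assumed: "very long command line"
LONG_TOKEN = 200      # assumed: "long continuous string indicative of obfuscation"

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
COMPILERS = {"csc.exe", "vbc.exe"}
LOLBINS = {"attrib.exe", "cmd.exe", "certutil.exe", "regsvr32.exe",
           "rundll32.exe", "bitsadmin.exe", "schtasks.exe"}
# Parents from which a compiler launch is expected on a developer box (assumed list).
DEV_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "cmd.exe", "explorer.exe"}

# PowerShell switches (and their accepted abbreviations) typical of malicious launches.
PS_SUSPICIOUS = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand|nop|noprofile|noni|noninteractive|"
    r"w\s+hidden|windowstyle\s+hidden|ep\s+bypass|executionpolicy\s+bypass)\b"
)
# A run of base64-alphabet characters with no whitespace, e.g. an encoded payload.
LONG_RUN = re.compile(r"[A-Za-z0-9+/=]{%d,}" % LONG_TOKEN)
# attrib +h / +s marks a dropped file hidden or system.
HIDE_FILE = re.compile(r"(?i)\battrib(?:\.exe)?\b.*\+[hs]")


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(event: Dict[str, str]) -> List[str]:
    """Return the behaviour labels one process-creation event triggers."""
    image = _basename(event["image"])
    parent = _basename(event.get("parent", ""))
    cmd = event.get("cmdline", "")
    hits: List[str] = []
    if image in SCRIPT_HOSTS:
        hits.append("scripting_utility_executed")
    if image in {"powershell.exe", "pwsh.exe"} and PS_SUSPICIOUS.search(cmd):
        hits.append("suspicious_powershell_arguments")
    if image in COMPILERS:
        hits.append("csc_compiler_executed")
        # Runtime compilation chained from a non-developer parent: the .NET CodeDom
        # path (csc.exe /noconfig /fullpaths @<tmp>.cmdline) launched by the sample.
        if parent and parent not in DEV_PARENTS:
            hits.append("compiler_spawned_by_non_dev_parent")
    if image in LOLBINS:
        hits.append("windows_utility_used")
    if HIDE_FILE.search(cmd):
        hits.append("hidden_or_system_file_created")
    if len(cmd) >= LONG_CMDLINE:
        hits.append("very_long_command_line")
    if LONG_RUN.search(cmd):
        hits.append("long_continuous_string")
    return hits


def triage_all(events: List[Dict[str, str]]) -> List[List[str]]:
    """Triage a batch of events; the result is aligned with the input order."""
    return [triage(e) for e in events]


# Constructed sample events (not from a real host or from the sandbox report).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "parent": r"C:\Users\user\Downloads\test2.exe",
     "cmdline": r'csc.exe /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k3j2.cmdline"'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Users\user\Downloads\test2.exe",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -enc " + "QUJD" * 100},
    {"image": r"C:\Windows\System32\attrib.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'attrib +h +s "C:\ProgramData\svc.exe"'},
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "parent": r"C:\Program Files\Microsoft Visual Studio\2022\MSBuild\Current\Bin\MSBuild.exe",
     "cmdline": r"csc.exe /target:exe /out:app.exe Program.cs"},
]

if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, triage_all(SAMPLE_EVENTS)):
        print(_basename(event["image"]), "<-", _basename(event.get("parent", "")), hits)
```

The fourth sample event shows why the parent process matters: csc.exe launched by MSBuild is routine on a developer machine, while csc.exe launched by a freshly downloaded GUI executable is the runtime-compilation pattern the sandbox flagged.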

How to identify Generik.CRSNFVQ?

Compare a suspect file against the hashes and metadata below.

File Info:

name: A58419AA01733389B8D5.mlw
path: /opt/CAPEv2/storage/binaries/63293c0e1cbac51bb409c32ee731a0b8176264c99f635a67d83a32f4e380d6c9
crc32: 93CFE2E1
md5: a58419aa01733389b8d57e8fb6e1d902
sha1: 169bf84ebae561a64d94a0dc1147e2f5ccf7280f
sha256: 63293c0e1cbac51bb409c32ee731a0b8176264c99f635a67d83a32f4e380d6c9
sha512: 066e4519816d0289304c27c9467862ae00f4ddcf30037019bad5661e76d6c9798a3a6347fdaa8d531822a10d283450ca724390f25bfde11d5e18714fac4c4583
ssdeep: 1536:YY2YBWVYR+ObOlgFdVkDQjtT1Maa6utZt/:YY2YBjRxSqLQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A493002CA1BBC11DD1A7DEB62CCC66BD88EE6633240DB97619C5430B0F52B44EF4257A
sha3_384: d3d5c47415131e93456a0c0c732d6586ebee06f977a71ffe9d3e72d90602deb754c81302b2840c548369fecbcaa14c05
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-30 13:34:25
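The hashes above are the indicators to compare a suspect file against. The script below is an added example, not code from the original page or GridinSoft's tooling: it recomputes the listed digests with the Python standard library (ssdeep and tlsh need third-party libraries and are left out), compares them to the published values, and decodes the entry-point bytes. The ep_bytes value ff 25 00 20 40 00 is `jmp dword ptr [0x00402000]`, the stub the .NET compilers place at the native entry point of 32-bit assemblies so that execution jumps through the import table into mscoree's _CorExeMain, which is consistent with the MSIL detection names listed further down. The bytes used in the self-test are constructed and are not the malware.

```python
"""Check a file against the indicators in the File Info block above.

Added example, not code from the original page or from GridinSoft. Digest
values come from the page; the self-test input is constructed.
"""
import hashlib
import struct
import zlib
from typing import Dict

# Indicators copied from the File Info block on this page.
KNOWN = {
    "crc32": "93CFE2E1",
    "md5": "a58419aa01733389b8d57e8fb6e1d902",
    "sha1": "169bf84ebae561a64d94a0dc1147e2f5ccf7280f",
    "sha256": "63293c0e1cbac51bb409c32ee731a0b8176264c99f635a67d83a32f4e380d6c9",
    "sha512": "066e4519816d0289304c27c9467862ae00f4ddcf30037019bad5661e76d6c979"
              "8a3a6347fdaa8d531822a10d283450ca724390f25bfde11d5e18714fac4c4583",
    "sha3_384": "d3d5c47415131e93456a0c0c732d6586ebee06f977a71ffe9d3e72d90602deb7"
                "54c81302b2840c548369fecbcaa14c05",
}
EP_BYTES = bytes.fromhex("ff250020400000000000000000000000")


def digests(data: bytes) -> Dict[str, str]:
    """Compute the digest set the page lists, formatted the same way."""
    out = {name: hashlib.new(name, data).hexdigest()
           for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    out["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return out


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file from disk in chunks (the file may be large)."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
            crc = zlib.crc32(chunk, crc)
    out = {n: h.hexdigest() for n, h in hashers.items()}
    out["crc32"] = "%08X" % (crc & 0xFFFFFFFF)
    return out


def matches_known(computed: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison against the published indicators."""
    return {k: computed.get(k) == v for k, v in KNOWN.items()}


def is_dotnet_entry_stub(ep_bytes: bytes) -> bool:
    """True when the entry point is `jmp dword ptr [imm32]` (FF 25 imm32), the
    6-byte thunk 32-bit .NET executables start with instead of native code."""
    return len(ep_bytes) >= 6 and ep_bytes[:2] == b"\xff\x25"


def entry_stub_target(ep_bytes: bytes) -> int:
    """Absolute address the FF 25 stub reads its jump target from."""
    if not is_dotnet_entry_stub(ep_bytes):
        raise ValueError("not an FF 25 jmp stub")
    return struct.unpack_from("<I", ep_bytes, 2)[0]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target:
        for algo, hit in matches_known(digest_file(target)).items():
            print(f"{algo:9s} {'MATCH' if hit else 'no match'}")
    print("entry stub jumps through 0x%08x" % entry_stub_target(EP_BYTES))
```

Usage: `python check_ioc.py <file>` prints one line per algorithm. A match on any one of the cryptographic digests (sha256 alone is enough) identifies this exact sample; the crc32 is listed for completeness but is not a reliable identifier on its own, and a recompiled or repacked variant will match none of the hashes while still exhibiting the behaviours listed above.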

Version Info:

Note the mismatch in the metadata below: FileDescription and LegalCopyright claim "Microsoft Windows", yet the internal and original file name is test2.exe, every version field is 0.0.0.0, and the Authenticode signature was reported invalid in the behaviour list above. A genuine Microsoft binary ships with a valid signature, so this combination is a red flag by itself.
Translation: 0x0000 0x04b0
FileDescription: Microsoft Windows
FileVersion: 0.0.0.0
InternalName: test2.exe
LegalCopyright: Microsoft Windows
OriginalFilename: test2.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Generik.CRSNFVQ is also detected under the following names (engine: detection name):

Lionic: Trojan.MSIL.Scrami.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.27552
MicroWorld-eScan: Trojan.GenericKD.48287632
FireEye: Generic.mg.a58419aa01733389
McAfee: RDN/Generic.rp
Cylance: Unsafe
Sangfor: Trojan.MSIL.Scrami.gen
CrowdStrike: win/malicious_confidence_70% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34212.fm0@aezdsJg
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.CRSNFVQ
TrendMicro-HouseCall: TROJ_GEN.R002H0CBA22
Paloalto: generic.ml
ClamAV: Win.Malware.Shelma-9937709-0
Kaspersky: HEUR:Trojan.MSIL.Scrami.gen
BitDefender: Trojan.GenericKD.48287632
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.48287632
Emsisoft: Trojan.GenericKD.48287632 (B)
McAfee-GW-Edition: RDN/Generic.rp
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1202336
MAX: malware (ai score=84)
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Trojan.GenericKD.48287632
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Wacatac.C4218618
ALYac: Trojan.GenericKD.48287632
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Crypt.MSIL
APEX: Malicious
Rising: Trojan.Kryptik!1.DB9C (CLASSIC)
Ikarus: Trojan.SuspectCRC
Fortinet: W32/Malicious_Behavior.SBX
AVG: Win32:Trojan-gen
Cybereason: malicious.ebae56

How to remove Generik.CRSNFVQ?

Generik.CRSNFVQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.