Generik.EEPAYRN removal

Generik.EEPAYRN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generik.EEPAYRN virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Attempts to remove evidence of file being downloaded from the Internet
  • Executed a process and injected code into it, probably while unpacking
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Generik.EEPAYRN?

File Info:

crc32: F5ACB0EA
md5: 01513548a654dbfb48e944f91404d861
name: 01513548A654DBFB48E944F91404D861.mlw
sha1: c843307de6546a6ca9bd2b06b10c0b30ed8cd062
sha256: 65c23ef396fa61ad0df2f8a8c0e2b49085974907c87533741077953e5ca26a81
sha512: be1b122ff26c1f5ee7f37fd907b59ecbb63d256696f41db64973f9871f673490677965dfbbd87784da0981dfc3b77233486a2ad651d45377839665a4fe41c5d5
ssdeep: 3072:gtI28FUgqd9b79EYy6Qu2vOOc2f8jcDoZ16XZxt:LuxEYySr2fmkoWX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: CERTMGR.EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
FileDescription: ECM Certificate Manager
OriginalFilename: CERTMGR.EXE
Translation: 0x0409 0x04b0

Generik.EEPAYRN is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.40651681
FireEye: Generic.mg.01513548a654dbfb
McAfee: Artemis!01513548A654
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Trojan.Win32.Save.a
BitDefender: Trojan.GenericKD.40651681
Cybereason: malicious.8a654d
BitDefenderTheta: Gen:NN.ZexaF.34590.rq0@a0EH9efP
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.EEPAYRN
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan.Win32.Waldek.bbrh
Alibaba: Trojan:Win32/Waldek.ecfda6d2
NANO-Antivirus: Trojan.Win32.Waldek.fffbcx
Tencent: Win32.Trojan.Waldek.Chd
Ad-Aware: Trojan.GenericKD.40651681
TACHYON: Trojan/W32.Waldek.278528.B
Sophos: Mal/Generic-S
Comodo: Malware@#2je4ibr3kvn30
DrWeb: BackDoor.Siggen2.2488
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.dt
Emsisoft: Trojan.GenericKD.40651681 (B)
Ikarus: Trojan.SuspectCRC
Microsoft: Trojan:Win32/Occamy.C
Arcabit: Trojan.Generic.D26C4BA1
ZoneAlarm: Trojan.Win32.Waldek.bbrh
GData: Trojan.GenericKD.40651681
VBA32: Trojan.Waldek
ALYac: Trojan.GenericKD.40651681
MAX: malware (ai score=81)
Malwarebytes: Malware.Heuristic.1001
Panda: Trj/GdSda.A
Rising: Trojan.Waldek!8.E6B (CLOUD)
Yandex: Trojan.GenAsa!+LIByD35c/4
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Generik.EEPAYRN!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.Dropper.dd5

How to remove Generik.EEPAYRN?

Generik.EEPAYRN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.