How to remove “Generik.MWGVFYL”?

Generik.MWGVFYL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generik.MWGVFYL virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • Authenticode signature is invalid.
  • Attempts to modify proxy settings.
  • Touches a file containing cookies, possibly for information gathering.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE.

How to identify Generik.MWGVFYL?

File Info:

name: C14F1E4C8A3F4769E149.mlw
path: /opt/CAPEv2/storage/binaries/869cf15fee3518fa11850d0e2463dae9eae522610c53dd6a4870328bd1a733fc
crc32: 73C3C46B
md5: c14f1e4c8a3f4769e1496c5c0588c46e
sha1: da23c613c0fd3b84171bcaf6fe8c8088024a2c29
sha256: 869cf15fee3518fa11850d0e2463dae9eae522610c53dd6a4870328bd1a733fc
sha512: d30b725d21eb32dfd04fd98e87b14e2b96fa4fd9e4fc4917f7d012c1b1100f998df8687db3f8c71273eef5f99b4b6b266e5cbf7e17c8b98fd4330dff93d16c34
ssdeep: 24576:+wWHhK2FjW8WVKYoa3l2RVcna3T2Mfpt8/NNeqWW:pWHhKejW8gKYoKl2UnaDrn8/NW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DB35333EACB44062D3BB14B55FEF5AC42DA8C9F1ED9CFF0BD0D0086E08795A185259DA
sha3_384: 0d19ef155f089e45a972979e4ec783bedea212c08cdf1e459494f6f032f5d2ba247260c635bb48690265c56169404378
ep_bytes: 60be000046008dbe0010faff5783cdff
timestamp: 2016-12-05 11:49:10

Version Info:

CompanyName: Avira Operations GmbH & Co. KG
FileVersion: 15.0.23.0
LegalCopyright: Copyright 2016 Avira Operations GmbH & Co. KG. All rights reserved.
OriginalFilename: ManagedFirewall_SysTray.exe
ProductName: Avira Swat Apl Rs
ProductVersion: 15.0.23.0
Translation: 0x0809 0x04b0

Generik.MWGVFYL also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ramy.4!c
MicroWorld-eScan: AIT.Heur.Ramy.1.BB67170D.Gen
ClamAV: Win.Malware.Autoit-6992293-0
FireEye: AIT.Heur.Ramy.1.BB67170D.Gen
ALYac: AIT.Heur.Ramy.1.BB67170D.Gen
Cylance: unsafe
Sangfor: Trojan.Win32.Autcobit.Vy0p
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/AutCobit.e79079ff
K7GW: Trojan ( 700000111 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: SMG.Heur!gen
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Generik.MWGVFYL
APEX: Malicious
Cynet: Malicious (score: 99)
BitDefender: AIT.Heur.Ramy.1.BB67170D.Gen
Avast: Win32:Evo-gen [Trj]
Rising: Trojan.Generic@AI.95 (RDML:/jhAqOPBHFrlybT0XbuvlQ)
Emsisoft: AIT.Heur.Ramy.1.BB67170D.Gen (B)
F-Secure: Trojan.TR/AutCobit.knzgj
DrWeb: Trojan.BtcMine.1084
VIPRE: AIT.Heur.Ramy.1.BB67170D.Gen
TrendMicro: TROJ_GEN.R002C0DGS23
McAfee-GW-Edition: BehavesLike.Win32.Injector.tc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
GData: Win32.Trojan.PSE.CDL9ON
Avira: TR/AutCobit.knzgj
Antiy-AVL: HackTool/Win32.Agent
Arcabit: AIT.Heur.Ramy.1.BB67170D.Gen [many]
Microsoft: Trojan:Win32/AutCobit
Google: Detected
AhnLab-V3: Trojan/Win32.Nymeria.C2495045
McAfee: Artemis!C14F1E4C8A3F
MAX: malware (ai score=89)
VBA32: Trojan.Autoit.Wirus
Malwarebytes: Generic.Malware.AI.DDS
TrendMicro-HouseCall: TROJ_GEN.R002C0DGS23
Tencent: Win32.Trojan.Autcobit.Kajl
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Generik.MWGVFYL?

Generik.MWGVFYL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.