Generik.MYSKVHK removal guide

The Generik.MYSKVHK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generik.MYSKVHK virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • Modifies Image File Execution Options, indicative of process injection or persistence
  • Anomalous binary characteristics
  • Tampers with PowerShell logging options
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities

Related domains:

wpad.local-net
msupdate.info

How to identify Generik.MYSKVHK?

File Info:

name: 9F2890872F57053A61D4.mlw
path: /opt/CAPEv2/storage/binaries/bb067ac57abf58f7d43e4fac8953307631257dd38422a3938a6b45f4b0e79e92
crc32: 9C5537B1
md5: 9f2890872f57053a61d46895b9c1f1cb
sha1: 8b56ba17d234c2220878a8a9b60366a5aa2e8c28
sha256: bb067ac57abf58f7d43e4fac8953307631257dd38422a3938a6b45f4b0e79e92
sha512: 58b27cf9abdd0e5f4615dcde54f19a4ba1286a1208f1a1b259ca7508b943cf9aa0a245440fdab4f9398fa7651c6676e7b3bda4e48afec2607eac4a6a0b2478ef
ssdeep: 6144:jqJQcjfxGqz7J1NJErbrEFTMIfntyCnjd1:jqicj5f5cbrEFYGnco51
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T128946C2B72958F6CCB2A1773648E64504B607F9F6043C6CE76C97EA6DDA1322C417F22
sha3_384: e4cac180bf207f1f3c6cd362ceaf041aede95c820f051484379898d2891a15e290bad997ea45016509e15378fa2703d8
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2020-02-26 03:41:32

Version Info:

Translation: 0x0419 0x04b0
FileDescription: Oracle Loader
FileVersion: 1.1.55.0
InternalName: Loader
LegalCopyright: Copyright (c) 2021 All rights reserved
OriginalFilename: Loader
ProductVersion: 1.1.55.0
Assembly Version: 2.0.31.0
CompanyName: Oracle
ProductName: Loader
Comments:

Generik.MYSKVHK also known as:

Lionic: Trojan.Win32.APosT.4!c
MicroWorld-eScan: Trojan.GenericKD.38042567
FireEye: Trojan.GenericKD.38042567
McAfee: Artemis!9F2890872F57
Malwarebytes: Trojan.ProxyAgent
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/APosT.d32ae1e3
K7GW: Riskware ( 0040eff71 )
Arcabit: Trojan.Generic.D2447BC7
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Generik.MYSKVHK
Paloalto: generic.ml
Kaspersky: Trojan.Win32.APosT.ovv
BitDefender: Trojan.GenericKD.38042567
Ad-Aware: Trojan.GenericKD.38042567
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader44.1394
Zillya: Trojan.APosT.Win32.2073
TrendMicro: TROJ_GEN.R002C0WKJ21
McAfee-GW-Edition: BehavesLike.Win64.HLLP.gh
Emsisoft: Trojan.GenericKD.38042567 (B)
Avira: TR/Agent.zrkol
Gridinsoft: Ransom.Win64.Wacatac.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Trojan.GenericKD.38042567
Cynet: Malicious (score: 99)
VBA32: Trojan.APosT
ALYac: Trojan.GenericKD.38042567
MAX: malware (ai score=88)
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0WKJ21
Ikarus: Trojan.SuspectCRC
Fortinet: PossibleThreat
Panda: Trj/CI.A

How to remove Generik.MYSKVHK?

Generik.MYSKVHK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.