
Should I remove “Generik.NWRYKNG”?


Generik.NWRYKNG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Generik.NWRYKNG virus do?

The following behaviours were observed when the sample was run in the CAPE sandbox:

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE output
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of an existing system binary

How to identify Generik.NWRYKNG?

File Info:

name: 2FFA92845A2F032E4A90.mlw
path: /opt/CAPEv2/storage/binaries/9fb7809e90982296468f3f7696c7366a863c247a68a88b42b66e04b2e294b65f
crc32: 16BD71E2
md5: 2ffa92845a2f032e4a907246dbf6df2a
sha1: cd6e4649e0045943b3ddf27b27f6d3fff0f245c6
sha256: 9fb7809e90982296468f3f7696c7366a863c247a68a88b42b66e04b2e294b65f
sha512: faa7c4d8c7d868336f231bb47b193d68427d41569d47d5d947cb0c8040aa728d1cc4fe0b368d384292dee125a0f2eb02bc2303e83035bf130fe1c0106548d525
ssdeep: 196608:coHsIZWMYousBvN7pTm4j7YsyJt2CpuREGoOOxo:LH3Z3NBvN7Nm43yTzpohKo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B976123FB268653ED5AE1B3245B3932059BB7A61A52A8C1F47F0081CCF665701F3FA16
sha3_384: acb9098384dd5a4eabeba37f8aca4bb91b5902dc72fae7c2e758113954a3f73d4489f582365035c92cb03961698b36de
ep_bytes: 558bec83c4a453565733c08945c08945
timestamp: 2020-03-14 17:59:41

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Profide
FileVersion: 3.52.0.1
LegalCopyright:
OriginalFileName:
ProductName: Catalog ProAD
ProductVersion: 3.52.0.1
Translation: 0x0000 0x04b0

Generik.NWRYKNG is also known as (vendor: detection name):

  • Lionic: Trojan.Win32.Ekstak.4!c
  • McAfee: Artemis!2FFA92845A2F
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Ekstak.almlm
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Generik.NWRYKNG
  • Kaspersky: Trojan.Win32.Ekstak.almlm
  • Avast: Win32:Adware-gen [Adw]
  • Tencent: Malware.Win32.Gencirc.10d00668
  • Zillya: Trojan.Ekstak.Win32.59649
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.wc
  • Sophos: Mal/Generic-S
  • GData: Win32.Trojan.BSE.1KA5L9G
  • Antiy-AVL: Trojan/Generic.ASMalwS.351FC76
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • ZoneAlarm: Trojan.Win32.Ekstak.almlm
  • Microsoft: Program:Win32/Wacapew.C!ml
  • Cynet: Malicious (score: 100)
  • VBA32: Trojan.Ekstak
  • Malwarebytes: Adware.DownloadAssistant
  • APEX: Malicious
  • MaxSecure: Trojan.Malware.73555928.susgen
  • AVG: Win32:Adware-gen [Adw]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generik.NWRYKNG?

Generik.NWRYKNG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
