Should I remove “Generik.QILVES”?

Generik.QILVES is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Generik.QILVES virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Generik.QILVES?

File Info:

name: 9DC4A9FA7979B6E08607.mlw
path: /opt/CAPEv2/storage/binaries/663cc2feac51623d62b251914adf4e56c65c6af36b44d9c711ef5d2c2fbf95de
crc32: 4F69E2CF
md5: 9dc4a9fa7979b6e08607e79093925e87
sha1: 712ad8e5023e37b7d87a20de4e72b37f5e0112c4
sha256: 663cc2feac51623d62b251914adf4e56c65c6af36b44d9c711ef5d2c2fbf95de
sha512: 66bd26aaab709361efbc2bf9cfea2220f7e306be7a7feb7301220816c71afe6a4ba63e168a8f5af96577aa30bfce0057dfc74bd23fe8fefd822d31eb8daf7112
ssdeep: 192:SEN25TZnIsB0S07E5po0FaNJhLkwcud2DH9VwGfctlXO:SEN2RZnLONctaNJawcudoD7Uy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135F18D2AE5A55E9CC15D61360CCFBA4E0D10E21ED2D69BE4A9C43137E8CA33469293B2
sha3_384: 02c35cfabf51df5c48afae2bb5ca930fa5545bf9255401c5b0e3c32d6833905bfa6fcbc9890e5ea36aff82bb71f71bc3
ep_bytes: 60be157040008dbeeb9fffff5789e58d
timestamp: 2008-06-09 07:12:12

Version Info:

0: [No Data]

Generik.QILVES also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Backdoor.Bot.S19311
McAfee: RDN/Generic.dx
Malwarebytes: Trojan.Agent.UPX.Generic
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Generic.1161e456
VirIT: Trojan.Win32.MulDrop.BPCC
Cyren: W32/Barys.V.gen!Eldorado
ESET-NOD32: a variant of Generik.QILVES
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Barys-9781253-0
BitDefender: Trojan.GenericKD.48779699
ViRobot: Trojan.Win32.Agent.8192.BD
MicroWorld-eScan: Trojan.GenericKD.48779699
Avast: Win32:Dropper-BFW [Trj]
Ad-Aware: Trojan.GenericKD.48779699
Emsisoft: Trojan.GenericKD.48779699 (B)
Comodo: TrojWare.Win32.TrojanDropper.Agent.DT@6n86dy
DrWeb: Trojan.MulDrop.27770
Zillya: Trojan.Agent.Win32.4306
TrendMicro: TROJ_GEN.R03BC0PCU22
McAfee-GW-Edition: BehavesLike.Win32.Generic.xh
Trapmine: malicious.high.ml.score
FireEye: Trojan.GenericKD.48779699
Sophos: Generic PUA HB (PUA)
Ikarus: Trojan.Agent
GData: Win32.Trojan.BSE.1HIRSG3
Jiangmin: Trojan/Agent.elzt
Webroot: W32.Trojan.Gen
Avira: TR/Agent.ackt
MAX: malware (ai score=82)
Arcabit: Trojan.Generic.D2E851B3
SUPERAntiSpyware: Trojan.Agent/Gen-Mdrop
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Agent.R481288
ALYac: Trojan.GenericKD.48779699
VBA32: Trojan.Agent
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R03BC0PCU22
Rising: Trojan.Win32.Muldrop.b (CLOUD)
Yandex: Trojan.Agent!B6LeEMt2YuQ
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Dropper-BFW [Trj]
Cybereason: malicious.5023e3

How to remove Generik.QILVES?

Generik.QILVES removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.