Mal/Generic-R + Troj/AutoIt-DCR removal instruction

Malware Removal

The Mal/Generic-R + Troj/AutoIt-DCR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Mal/Generic-R + Troj/AutoIt-DCR virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Compression (or decompression)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
www.rmagent.biz
al-sharqgroup.com
a.tomx.xyz

How to identify Mal/Generic-R + Troj/AutoIt-DCR?
File Info:

crc32: DE0AD681
md5: 8f43ae5b1ace9b27a4fcd4515bc6aa0e
name: 8F43AE5B1ACE9B27A4FCD4515BC6AA0E.mlw
sha1: 3bbf76e599161c03927327c3c284c09e3c4002b0
sha256: 5fd515aeb9488e866f1fd27d8cae68165da1c6b54bfb7628813ca26bbb25d967
sha512: 1ff03acc412a97faf2e4fc2ee1d939d53dd75e143d95868430f8e4aa90e7858a94f4ff6784b64f43dc3d9260092d62a18948dcb3115765cd738fc6587be30478
ssdeep: 24576:h/CNBKOsWsN6640tJn5mTBQGktmHa2nMviVD5ucpzdwD:yKOaBfIBQG6Ya2nwifucxd0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0

Mal/Generic-R + Troj/AutoIt-DCR also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 700000111 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject4.4584
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.ScriptPMF.S17736369
ALYac: Trojan.GenericKD.37383897
Cylance: Unsafe
Zillya: Exploit.BypassUAC.Win32.2807
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Trojan ( 700000111 )
Cybereason: malicious.b1ace9
Cyren: W32/AutoIt.QF.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.AutoIt.PC
APEX: Malicious
Avast: AutoIt:Injector-JF [Trj]
ClamAV: Win.Malware.Autoit-6989454-0
Kaspersky: Trojan.Script.Obit.gen
BitDefender: Trojan.GenericKD.37383897
MicroWorld-eScan: Trojan.GenericKD.37383897
Tencent: Malware.Win32.Gencirc.10ce1652
Ad-Aware: Trojan.GenericKD.37383897
Sophos: Mal/Generic-R + Troj/AutoIt-DCR
BitDefenderTheta: AI:Packer.F34CB91817
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
FireEye: Generic.mg.8f43ae5b1ace9b27
Emsisoft: Trojan.GenericKD.37383897 (B)
Avira: DR/AutoIt.Gen8
Antiy-AVL: Trojan/Generic.ASCommon.151
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Microsoft: Trojan:Win32/Remcos.AUT!MTB
Gridinsoft: Trojan.Win32.Downloader.oa!s1
GData: Trojan.GenericKD.37383897
TACHYON: Trojan/W32.Obit.1136744
AhnLab-V3: Trojan/Win32.Injector.R357230
Acronis: suspicious
McAfee: Artemis!8F43AE5B1ACE
MAX: malware (ai score=89)
VBA32: Trojan.Script
Malwarebytes: Generic.Trojan.Dropper.DDS
Panda: Trj/Genetic.gen
Rising: Trojan.Injector/Autoit!1.BB8F (CLASSIC)
Ikarus: Trojan.Autoit
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: AutoIt/Injector.EKY!tr
AVG: AutoIt:Injector-JF [Trj]

How to remove Mal/Generic-R + Troj/AutoIt-DCR?

Mal/Generic-R + Troj/AutoIt-DCR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.