Mal/Generic-S + W32/Pykse-F removal tips

Mal/Generic-S + W32/Pykse-F is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Generic-S + W32/Pykse-F virus do?

The following behaviours were observed during automated sandbox (CAPE) analysis of the sample:

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior

How to identify Mal/Generic-S + W32/Pykse-F?

File Info:

name: ABD31EFE41C3D57B6480.mlw
path: /opt/CAPEv2/storage/binaries/c25a9a14f9d3151fb5a12a61303b700203bb7d85d68bc9f8ae1b535fd7591a9b
crc32: 3F2452DA
md5: abd31efe41c3d57b6480b1c065b8aedb
sha1: 0971137a2c4cbd84c3babaa6014dc34f6a94f959
sha256: c25a9a14f9d3151fb5a12a61303b700203bb7d85d68bc9f8ae1b535fd7591a9b
sha512: 80011a3455e5ed60fcc50f53d44c5e19c65990ee3d2d70b57b50f32dde6c31bd810c4d0d9c10ecd11d6516ba9f510d4664494c59abaf986d3d0c61e07c5528f4
ssdeep: 6144:E3ue8ySm8hQAAIfFrRXuEE+0l97mKwK+UqHVZQ86JQPDHDdx/Qtqa:Q/zkFF+EExZmKb+UuVZQPJQPDHvd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AE76BF36F780C9B1C445803177965F13ADF96D301261E6ABD7B4CE492EF62E4A32A34B
sha3_384: 96696f1fb96f0050c52ec7cec61072ca9d298cd45c06c37a1b926b01d784dcc9b7e900cd925db348c7e83538de41f6a0
ep_bytes: 6a6068f0b74200e8edf7ffffbf940000
timestamp: 2006-12-09 05:22:26

Version Info:

0: [No Data]

Mal/Generic-S + W32/Pykse-F also known as:

Bkav: W32.FxcaxMMUqhATTc.Worm
Lionic: Trojan.Win32.Blocker.todt
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.317267
CAT-QuickHeal: Worm.Pykspa.C3
McAfee: W32/Pykse.worm.gen.a
Cylance: Unsafe
Zillya: Trojan.Vilsel.Win32.2602
Sangfor: ARMADILLO17
K7AntiVirus: Trojan ( 003da8d71 )
K7GW: Trojan ( 003da8d71 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Worm.Autorun.o
VirIT: Trojan.Win32.Generic.SXQ
Cyren: W32/Risk.BZSN-6837
Symantec: W32.Pykspa.D
ESET-NOD32: Win32/AutoRun.Agent.TG
APEX: Malicious
ClamAV: Win.Worm.Pykspa-1
Kaspersky: Trojan-Ransom.Win32.Blocker.jcen
BitDefender: Gen:Variant.Barys.317267
NANO-Antivirus: Trojan.Win32.Agent.ctkmgw
Avast: Win32:Renos-KY [Trj]
Tencent: Worm.Win32.Pykspa.a
Ad-Aware: Gen:Variant.Barys.317267
Sophos: Mal/Generic-S + W32/Pykse-F
Comodo: Worm.Win32.Autorun.Agent_TG0@1isiwy
DrWeb: Trojan.Siggen.36621
VIPRE: Gen:Variant.Barys.317267
TrendMicro: WORM_AUTORUN_EK040404.UVPM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.abd31efe41c3d57b
Emsisoft: Gen:Variant.Barys.317267 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.BSE.1JWSKP9
Jiangmin: Trojan/Blocker.lhz
Webroot: W32.Trojan.Gen
Avira: TR/Agent.327680.A
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.7
Arcabit: Trojan.Barys.D4D753
ViRobot: Trojan.Win32.Blocker.Gen.B
ZoneAlarm: Trojan-Ransom.Win32.Blocker.jcen
Microsoft: Trojan:Win32/Dinwod.A!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zepfod.R4378
VBA32: Trojan.ChidikSun.28205
ALYac: Gen:Variant.Barys.317267
TACHYON: Ransom/W32.Blocker.7680000.L
Malwarebytes: Generic.Worm.Agent.DDS
TrendMicro-HouseCall: WORM_AUTORUN_EK040404.UVPM
Rising: Worm.Autorun!1.BC87 (CLASSIC)
Yandex: Trojan.GenAsa!R41E4MI3PTc
Ikarus: Trojan.Win32.AntiAV
MaxSecure: Trojan.Ransom.Blocker.iprw
Fortinet: W32/Agent.XEK!tr
BitDefenderTheta: Gen:NN.ZexaF.34582.@pW@augpvtg
AVG: Win32:Renos-KY [Trj]
Cybereason: malicious.e41c3d
Panda: Trj/Vilsel.B

How to remove Mal/Generic-S + W32/Pykse-F?

Mal/Generic-S + W32/Pykse-F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.