Rootkit.Gen.2 removal

Rootkit.Gen.2 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Rootkit.Gen.2 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Loads a driver
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup

How to identify Rootkit.Gen.2?

File Info:

name: CDF1BF212408A4253E05.mlw
path: /opt/CAPEv2/storage/binaries/4faa0be469733c851f1d93e5608197c4278f7d340a615b420ca09fa9ec5256d6
crc32: 536B7A1E
md5: cdf1bf212408a4253e05c8eb5c21d7d8
sha1: c12dd0205fdc784f0a6a1fdb03f2f333f6f35821
sha256: 4faa0be469733c851f1d93e5608197c4278f7d340a615b420ca09fa9ec5256d6
sha512: 93baa8ad14746f02a1515285df381d42d55a144e3c5bc6c07b881857a37ddb0f7f0449c33ecca9ca574f75aed8942c26bd769a8c3fac61f1b5b537de00a5ba9c
ssdeep: 24576:y/PAujQVPoPFtEkdLOg5zHW3qmmWzHW3qmmZ:yXAzkAQvzHW3qmmWzHW3qmmZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FE058D02F5B340B2D51A1A3141A77735AE78CE5A0A109F8BA3E4ED7D7D723A09D3713A
sha3_384: df955fdda5ba5610a71324192e395cf9281fea3f87c2f0141f917512861157558b45de4a8e5976b3c115682e001909d9
ep_bytes: 558bec6aff68301a4b00681c2c460064
timestamp: 2012-08-03 02:03:05

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Rootkit.Gen.2 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
CAT-QuickHeal: Trojan.MauvaiseRI.S5255470
McAfee: Artemis!CDF1BF212408
Cylance: Unsafe
Sangfor: [NULLSOFT PIMP INSTALL SYSTEM7]
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.05fdc7
Baidu: Win32.Rootkit.Agent.f
Cyren: W32/S-9a0e6078!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Procpatcher-9875517-0
Kaspersky: not-a-virus:RiskTool.Win32.ProcPatcher.a
NANO-Antivirus: Riskware.Win32.ProcPatcher.eclpme
Avast: Win32:PUP-gen [PUP]
Tencent: Win32.Trojan.Obfuscator.Tdzd
Comodo: Worm.Win32.Dropper.RA@1qraug
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.NtRootKit.18405
McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.cdf1bf212408a425
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: not-a-virus:UDS:RiskTool.Win32.ProcPatcher.a
GData: Win32.Trojan.FlyStudio.I
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C1990216
VBA32: Rootkit.Gen.2
Malwarebytes: PUP.Optional.ChinAd
Rising: Rootkit.Agent!1.6784 (CLASSIC)
Ikarus: Backdoor.Win32.BlackHole
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.65CA!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.1q0@aKsqf9ib
AVG: Win32:PUP-gen [PUP]
Panda: Trj/GdSda.A

How to remove Rootkit.Gen.2?

Rootkit.Gen.2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.