Troj/Shiz-Gen removal

Troj/Shiz-Gen is Sophos's detection name for this sample; the vendor list further down shows others classifying the same file as a Shiz, Simda or Ibank backdoor/spyware trojan. The sandbox report shows it injecting code into other processes, so an active infection will not necessarily show up as its own entry in Task Manager; an unfamiliar process is one sign, not the only one. If you suspect it is active, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Troj/Shiz-Gen do?

Signatures the CAPE sandbox raised for this sample:
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the Simda malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Troj/Shiz-Gen?

File Info:

name: 65AA97669818B55A1E8A.mlw
path: /opt/CAPEv2/storage/binaries/8aa134cfd7a58e7bf07ea4c6add7981f0c674f787f29f16143b7a470df6d26f9
crc32: 3139B7BF
md5: 65aa97669818b55a1e8a1a3dac5efbfa
sha1: 2fe964f36763e94246eec683c3250837bd3a016f
sha256: 8aa134cfd7a58e7bf07ea4c6add7981f0c674f787f29f16143b7a470df6d26f9
sha512: 33a8a7f5919cf418da843f3c7fe984af2ae975767d5e95a024433e8d16055ae56f7390766a59f8b8aaecccb41c511caad21ebe21d2f240f8506a8696ec08f76f
ssdeep: 6144:93EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiU:SmWhND9yJz+b1FcMLmp2ATTSsdU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE847D21F1C48075E4F51AB095FF7A77156C6969472838E3E798EECA28741F23A3C287
sha3_384: 0d4c21091762ad13b0f1ac7c20d3c5de9673b993f1f25607a961e419d4fb56966e761cea6643847c08b7932d8a1fddca
ep_bytes: 558bec81ec0c010000535657e87fe4ff
timestamp: 2011-08-02 09:26:00
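The hashes and entry-point bytes above are what a responder actually matches on, and three of the sandbox signatures listed earlier (overlay data, an unknown PE section name, the entry-point bytes) can be reproduced from the file alone. The script below is an added example, not GridinSoft's or CAPE's code: it hashes a file, compares the digests with the indicators from this report, and walks the PE32 header by hand (no third-party PE library) to pull the entry-point bytes, measure overlay data, and list section names outside a set of common linker names. That set of common names is an assumption of the example, not a list taken from CAPE. Because the real sample is not on the page, `build_sample_pe` constructs a small PE32 image carrying the report's entry-point bytes, one oddly named section and trailing overlay bytes, so every check except the hash match fires.

```python
"""Offline triage for the Troj/Shiz-Gen indicators on this page (added example,
not GridinSoft's or CAPE's code): hash a file, compare with the report's IOCs, and
walk the PE header by hand for the entry-point bytes, overlay and section checks."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
KNOWN_HASHES = {
    "md5": "65aa97669818b55a1e8a1a3dac5efbfa",
    "sha1": "2fe964f36763e94246eec683c3250837bd3a016f",
    "sha256": "8aa134cfd7a58e7bf07ea4c6add7981f0c674f787f29f16143b7a470df6d26f9",
    "crc32": "3139b7bf",
}
KNOWN_EP_BYTES = bytes.fromhex("558bec81ec0c010000535657e87fe4ff")
SAMPLE_TIMESTAMP = int(datetime(2011, 8, 2, 9, 26, tzinfo=timezone.utc).timestamp())

# Section names ordinary MSVC/GCC/Delphi builds emit; anything else is what CAPE
# calls an "unknown PE section name". This set is an assumption of the example.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".crt", ".CRT", "CODE", "DATA", "BSS"}

def file_hashes(data):
    """The digests the report lists (crc32 as eight lowercase hex digits)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"}

def parse_pe(data):
    """Minimal PE32 header walk: DOS header -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize, "rptr": rptr})
    return {"machine": machine, "pe32": magic == 0x10B, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}

def entry_bytes(data, pe, n=16):
    """Map AddressOfEntryPoint to a file offset through the section that contains it."""
    for s in pe["sections"]:
        if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rsize"]):
            off = s["rptr"] + (pe["entry_rva"] - s["vaddr"])
            return data[off:off + n]
    return b""

def overlay_size(data, pe):
    """Bytes appended after the last section's raw data (CAPE's 'overlay data')."""
    end = max((s["rptr"] + s["rsize"] for s in pe["sections"]), default=0)
    return max(len(data) - end, 0)

def triage(data):
    """IOC match plus the static checks from the behaviour list, as one dict."""
    digests, pe = file_hashes(data), parse_pe(data)
    return {"hash_match": any(digests[k] == v for k, v in KNOWN_HASHES.items()),
            "ep_bytes_match": entry_bytes(data, pe) == KNOWN_EP_BYTES,
            "unknown_sections": [s["name"] for s in pe["sections"] if s["name"] not in COMMON_SECTIONS],
            "overlay_bytes": overlay_size(data, pe),
            "compile_time": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "pe32_i386": pe["pe32"] and pe["machine"] == 0x14C}

def build_sample_pe(sections, overlay=b"", timestamp=0):
    """Constructed PE32 image for demonstration; the first section holds the entry point."""
    e_lfanew, opt_size, headers_size = 0x80, 224, 0x200
    table, body, raw_ptr, vaddr = b"", b"", headers_size, 0x1000
    for name, content in sections:
        rsize = (len(content) + 0x1FF) & ~0x1FF          # file alignment 0x200
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(content),
                             vaddr, rsize, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += content.ljust(rsize, b"\0")
        raw_ptr, vaddr = raw_ptr + rsize, vaddr + max(0x1000, (rsize + 0xFFF) & ~0xFFF)
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    headers = dos + b"PE\0\0" + coff + opt.ljust(opt_size, b"\0") + table
    return headers.ljust(headers_size, b"\0") + body + overlay

def sample_triage():
    """Constructed sample: the report's entry-point bytes in .text, one oddly named
    section and trailing overlay bytes, so every check fires except the hash match."""
    sample = build_sample_pe([(".text", KNOWN_EP_BYTES + b"\xc3"), (".xyz0", b"\x90" * 64)],
                             overlay=b"OVERLAY!", timestamp=SAMPLE_TIMESTAMP)
    return triage(sample)

if __name__ == "__main__":
    for key, value in sample_triage().items():
        print(f"{key}: {value}")
```

To run it against a real file, pass `open(path, "rb").read()` to `triage()`. A hash match is conclusive for this exact sample; the other fields are only the static hints CAPE also uses, and a repacked variant will change every hash while still tripping the overlay and section-name checks, which is why the report lists both kinds of indicator.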

Version Info:

0: [No Data]

Troj/Shiz-Gen also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: Windows.Trojan.Zeus
Cynet: Malicious (score: 100)
FireEye: Generic.mg.65aa97669818b55a
CAT-QuickHeal: Backdoor.SimdabPMF.S32889292
Skyhigh: BehavesLike.Win32.Backdoor.fh
McAfee: BackDoor-FDOB!65AA97669818
Cylance: unsafe
VIPRE: Gen:Variant.Barys.102182
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Spyware ( 005974bd1 )
K7GW: Spyware ( 005974bd1 )
Baidu: Win32.Trojan-Spy.Shiz.b
VirIT: Trojan.Win32.Ibank.ML
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spy.Shiz.NBX
APEX: Malicious
ClamAV: Win.Trojan.Shiz-9885535-0
Kaspersky: VHO:Backdoor.Win32.Androm.gen
BitDefender: Gen:Variant.Barys.102182
NANO-Antivirus: Trojan.Win32.Ibank.esrglb
MicroWorld-eScan: Gen:Variant.Barys.102182
Avast: Win32:Shiz-JT [Trj]
Tencent: Backdoor.Win32.Spy.ha
TACHYON: Backdoor/W32.Shiz
Emsisoft: Gen:Variant.Barys.102182 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.PWS.Ibank.930
Zillya: Trojan.Shiz.Win32.554
Trapmine: malicious.high.ml.score
Sophos: Troj/Shiz-Gen
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Generic.axsv
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Spy]/Win32.Shiz
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Simda.gen!B
Xcitium: TrojWare.Win32.Spy.Shiz.ZV@6ldvxf
Arcabit: Trojan.Barys.D18F26
SUPERAntiSpyware: Backdoor.Bot/Variant
ZoneAlarm: VHO:Backdoor.Win32.Androm.gen
GData: Win32.Trojan.Spyshiz.A
Varist: W32/Shiz.AD.gen!Eldorado
AhnLab-V3: Backdoor/Win.FDOB.C5392997
Acronis: suspicious
BitDefenderTheta: AI:Packer.6743CAC01E
ALYac: Gen:Variant.Barys.102182
MAX: malware (ai score=84)
VBA32: BScope.TrojanPSW.Ibank
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/GdSda.A
Rising: Trojan.Shifu!1.A8F0 (CLASSIC)
Yandex: Trojan.GenAsa!XdLqgvfOnP0
Ikarus: Backdoor.Win32.Simda
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Shiz.NBX!tr.spy
AVG: Win32:Shiz-JT [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Simda.A(dyn)

How to remove Troj/Shiz-Gen?

Troj/Shiz-Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”. The sandbox report shows this sample modifying proxy settings, so do not skip this step: a leftover proxy entry keeps redirecting browser traffic even after the binary itself is gone.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.