Trojan.Autoruns.GenericKDS.42002421 removal instruction

Trojan.Autoruns.GenericKDS.42002421 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Trojan.Autoruns.GenericKDS.42002421 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Deletes its original binary from disk
  • Attempts to remove evidence of the file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan.Autoruns.GenericKDS.42002421?

File Info:

crc32: AF02CC35
md5: ccf87e9b08d5c3007fb75a1fd795392e
name: 3ggs6hi_927444.exe
sha1: 50a6734cdc909444a4ef3e0aed43eb07da8a2b35
sha256: 4e9b93cc62dd66415547f03ab3a2f52f60428e1a87806e35a82c33da2f17e618
sha512: 91408c908613b517165d89da9ea80f94e866d467fa3c3523517931c405061126dfbd172a7094892d84121bbeac3a3a1c8c1dedda04955e053eaa4f05461f6729
ssdeep: 3072:ESzibBBkCdzsGpO+6TC7Rs4csQD+/Y3VVTtnL5LGcdCedwalUlGaU8WoV:EbBBkA4G2pswu2TtnLIKCedwcUlXUq
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Trojan.Autoruns.GenericKDS.42002421 also known as:

MicroWorld-eScan: Trojan.Autoruns.GenericKDS.42002421
FireEye: Generic.mg.ccf87e9b08d5c300
CAT-QuickHeal: Trojan.Fuery
McAfee: Emotet-FOL!CCF87E9B08D5
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.Autoruns.GenericKDS.42002421
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_90% (W)
TrendMicro: TROJ_GEN.R002C0DKA19
BitDefenderTheta: Gen:NN.ZexaF.32250.mOX@aOwWouc
F-Prot: W32/Emotet.AAU.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/Kryptik.GYEQ
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
GData: Trojan.Autoruns.GenericKDS.42002421
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.pef
Alibaba: Trojan:Win32/Skeeyah.5bdb558a
NANO-Antivirus: Trojan.Win32.GenKryptik.ggmrlt
ViRobot: Trojan.Win32.S.Emotet.202412
AegisLab: Trojan.Win32.Generic.4!c
Rising: Trojan.Emotet!1.BF04 (CLASSIC)
Ad-Aware: Trojan.Autoruns.GenericKDS.42002421
Sophos: Mal/EncPk-APC
Comodo: Malware@#2ad4kjwuv08m5
F-Secure: Trojan.TR/AD.Emotet.ecpry
DrWeb: Trojan.DownLoader30.37418
Zillya: Trojan.Emotet.Win32.18677
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Pykse.cc
Ikarus: Trojan-Banker.Emotet
Cyren: W32/Emotet.AAU.gen!Eldorado
Jiangmin: Trojan.Banker.Emotet.mee
Webroot: W32.Trojan.Gen
Avira: TR/AD.Emotet.ecpry
MAX: malware (ai score=81)
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Endgame: malicious (high confidence)
Arcabit: Trojan.Autoruns.GenericS.D280E7F5
AhnLab-V3: Trojan/Win32.Emotet.R298664
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.pef
Microsoft: Trojan:Win32/Skeeyah.A!MTB
ALYac: Trojan.Agent.Emotet
VBA32: Trojan.Emotet
Cylance: Unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DKA19
Yandex: Trojan.PWS.Emotet!
SentinelOne: DFI – Suspicious PE
MaxSecure: Trojan.Malware.11417434.susgen
Fortinet: W32/TrickBot.CC!tr
AVG: Win32:BankerX-gen [Trj]
Cybereason: malicious.cdc909
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.298

How to remove Trojan.Autoruns.GenericKDS.42002421?

Trojan.Autoruns.GenericKDS.42002421 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.