
Win32/GenCBL.DKX removal guide

Win32/GenCBL.DKX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/GenCBL.DKX virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • CAPE detected the NetSupport malware family
  • Detects Bochs through the presence of a registry key
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/GenCBL.DKX?


File Info:

name: E9438DA9AE361C2FC0D6.mlw
path: /opt/CAPEv2/storage/binaries/5f953d36c01f17523ac35b57219b51bdd98d79ff0bd6d8f28f31e66c0d20e06e
crc32: A15CD167
md5: e9438da9ae361c2fc0d6f407b1383519
sha1: 7c5fecc4833dbf8986d49378685854105302029e
sha256: 5f953d36c01f17523ac35b57219b51bdd98d79ff0bd6d8f28f31e66c0d20e06e
sha512: 44dc2eae36883b0dbedf726fa9d5f1672095132bcd803200bd4cc2baed97c5ab2f85e566d6de2a4156428ec9fcede2b2cb38863d6e32d47c96a10bf7188b6917
ssdeep: 49152:VKG3z+STTgm/qt/9Zf6boLzy3+UEClKO6ETgu6:VKyz/gm/wjf1Sl8sgu6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1A523763392C431EC5A043299FC83925E78FC3156FAA987BB441B292FB13A0C755B5B
sha3_384: 3ebc8c7e60b3e2c033c396144299fb8a0e8d0c45383c6a13081efccc00532eebfeabd893245743e038c53cfccf0328a3
ep_bytes: e885630000e978feffff8bff558bec56
timestamp: 2014-12-02 10:07:30

Version Info:

0: [No Data]

Win32/GenCBL.DKX also known as:

Bkav W32.Common.24D7B5EB
Lionic Trojan.Win32.ChePro.7!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Adware.GenericKD.61004862
FireEye Adware.GenericKD.61004862
Skyhigh Netsupportrat.d
McAfee Artemis!E9438DA9AE36
Cylance unsafe
Zillya Tool.NetSup.Win32.119
K7AntiVirus Riskware ( 00584baa1 )
Alibaba TrojanBanker:Win32/ChePro.f5ff91e4
K7GW Riskware ( 00584baa1 )
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/GenCBL.DKX
Zoner Trojan.Win32.153309
Kaspersky Trojan-Banker.Win32.ChePro.njjz
BitDefender Adware.GenericKD.61004862
Avast Win32:Trojan-gen
Sophos Generic Reputation PUA (PUA)
F-Secure Trojan.TR/AD.Nekark.yxytb
DrWeb BackDoor.RMS.219
VIPRE Adware.GenericKD.61004862
Emsisoft Adware.GenericKD.61004862 (B)
GData Win32.Riskware.NetRemote.A
Jiangmin RemoteAdmin.NetSup.ai
Webroot W32.Trojan.Gen
Google Detected
Avira TR/AD.Nekark.yxytb
Kingsoft Win32.Troj.Banker.a
Xcitium Malware@#27zmrbmx8fz67
Arcabit Adware.Generic.D3A2DC3E
ZoneAlarm Trojan-Banker.Win32.ChePro.njjz
Microsoft TrojanDownloader:Win32/CryptInject!MSR
Varist W32/S-f514affe!Eldorado
VBA32 Riskware.NetSupport
ALYac Adware.GenericKD.61004862
MAX malware (ai score=100)
Malwarebytes GenCBL.Ransom.FileCryptor.DDS
Panda Trj/CI.A
Rising PUF.RemoteAdmin!1.E606 (CLASSIC)
Yandex Riskware.RemoteAdmin!zKwO6DNnIh8
Ikarus Trojan.RAT.Netsupportmanager
MaxSecure Trojan.Malware.205915480.susgen
Fortinet Riskware/RemoteAdmin
AVG Win32:Trojan-gen
DeepInstinct MALICIOUS

How to remove Win32/GenCBL.DKX?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
