How to remove “Win32/PowerReg”?

Win32/PowerReg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/PowerReg virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/PowerReg?

File Info:

name: 6EADA2E03B53D6D312FD.mlw
path: /opt/CAPEv2/storage/binaries/f9a36605e66708225dad7af3b636cf648f8871412160e358c6f3c0c51e2c26a3
crc32: 7E052458
md5: 6eada2e03b53d6d312fdef309518adc2
sha1: 671da51f15c0b89fae561c46bd17b00dbbb65e09
sha256: f9a36605e66708225dad7af3b636cf648f8871412160e358c6f3c0c51e2c26a3
sha512: 33f542b6ae1dffdab92adb78d12077af018ce2eaae407f3ad48b3cae32150b9e190045b9fd86004af92b792ab2fe36d7850291cf4792914c94798a0e3e3f79a0
ssdeep: 393216:tfGpGWiGraJEWajAtstVBrdCwlvefa0jQo2hY0BN5rw0:tfNJz0PtV9dLlvElco10/Nw0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12EF63300A2B39F68C8697835C628FD36066E7A2268E77FD1C2C98E105B75ECFC7E5541
sha3_384: a40a7e3394bd5b96fc00ea391f5ea606185ea286d177b2a7fd2e8068a351945eddd39d43c467eecc39e985cdf3b488a0
ep_bytes: 558bec6aff68102341006830b5400064
timestamp: 2000-03-27 18:09:58

Version Info:

Comments:
CompanyName: Corel Corporation
FileDescription: KPT effects 30 day trial
FileVersion: 7
InternalName: stub32i.exe
LegalCopyright: 2001 Corel Corporation
OriginalFilename: stub32i.exe
ProductName: KPT(R) effects(TM) Trial Version
ProductVersion: 7
Translation: 0x0409 0x04b0

Win32/PowerReg is also known as (vendor: detection name):

CAT-QuickHeal: Trojan.Skeeyah
Cylance: Unsafe
K7AntiVirus: Trojan ( 000665cd1 )
K7GW: Trojan ( 000665cd1 )
ESET-NOD32: Win32/PowerReg
Sophos: Mal/Generic-R
Microsoft: Trojan:Win32/Skeeyah
Malwarebytes: MachineLearning/Anomalous.100%

How to remove Win32/PowerReg?

Win32/PowerReg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
