Worm:Win32/Autorun.GX removal tips

The Worm:Win32/Autorun.GX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Autorun.GX virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Worm:Win32/Autorun.GX?


File Info:
name: 74114C251C6FA7815363.mlw
path: /opt/CAPEv2/storage/binaries/c5a5ad82213ceea8f98f3384edcd555b1cab61569126873e02b00611bd764b9f
crc32: 2EA4CAC7
md5: 74114c251c6fa781536363d67a29e089
sha1: 600490793829a9a9c4a10b1d6a77c2cbedd1fc5d
sha256: c5a5ad82213ceea8f98f3384edcd555b1cab61569126873e02b00611bd764b9f
sha512: fbf940ca029954f298e09347b35878967bbbe785c6b07fe7facb0b262c9dc5eb3ca7faae2f3088637a137cb34a5d14752b8e6f94ab9cd9afc99e7607a4cd6866
ssdeep: 1536:QSpe+sd5jcfNfp8naKmNcQNqIJNaqFYOS6ySE7KagPL0OXMTmK6C1chPs1A2LPEd:hSAfv13zIxdLPIVolMxeuIXiv2/JKP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F3B33BC431A62E64F6DB8FB4A285DB6CF5F72C136752C590A80452BA0E5EEC93F17C18
sha3_384: ac2e7868c51e405f7ec71b4f41adda0cfd78e1af267a583616c87f7c48b5a16d6f7ab2a6c8c4f6213b88f69c84ca5538
ep_bytes: 52565183c9055053570f85fefeffff60
timestamp: 1972-12-25 05:33:23

Version Info:
0: [No Data]

Worm:Win32/Autorun.GX also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.EvilEPL.6
FireEye	Generic.mg.74114c251c6fa781
CAT-QuickHeal	Trojan.FlyStudio.UJ
Skyhigh	BehavesLike.Win32.Generic.ch
McAfee	Flyagent.b
Malwarebytes	Malware.Heuristic.2090
K7AntiVirus	EmailWorm ( 0009aeed1 )
Alibaba	Worm:Win32/FlyStudio.84c57403
K7GW	EmailWorm ( 0009aeed1 )
Cybereason	malicious.51c6fa
BitDefenderTheta	AI:Packer.5FC2631C1C
Symantec	Backdoor.Trojan
ESET-NOD32	Win32/AutoRun.FlyStudio.IH
APEX	Malicious
TrendMicro-HouseCall	WORM_AUTORUN.BDH
Avast	Win32:ScramEPL [Cryp]
ClamAV	Win.Worm.FlyStudio-33
Kaspersky	Worm.Win32.FlyStudio.cd
BitDefender	Gen:Variant.EvilEPL.6
NANO-Antivirus	Virus.Win32.Agent.dvixmz
Tencent	Trojan.Win32.Autorun.uu
Emsisoft	Gen:Variant.EvilEPL.6 (B)
Baidu	Win32.Trojan.FlyStudio.ob
F-Secure	Trojan-Dropper:W32/Peed.gen!A
DrWeb	Win32.HLLW.Autoruner.6411
VIPRE	Gen:Variant.EvilEPL.6
TrendMicro	WORM_AUTORUN.BDH
Trapmine	malicious.high.ml.score
Sophos	Mal/EncPk-NB
Ikarus	Trojan.Gendal
MAX	malware (ai score=100)
Jiangmin	Backdoor/FlyAgent.hp
Google	Detected
Avira	TR/Crypt.XPACK.Gen2
Varist	W32/Backdoor2.DSAQ
Antiy-AVL	Virus/Win32.Expiro.rsrc
Kingsoft	Win32.Troj.FuckCryptT.d.114176
Microsoft	Worm:Win32/Autorun.GX
Xcitium	Worm.Win32.Autorun.ABC@1r4z6o
Arcabit	Trojan.EvilEPL.6
ViRobot	Worm.Win32.A.FlyStudio.114176.NT
ZoneAlarm	Worm.Win32.FlyStudio.cd
GData	Gen:Variant.EvilEPL.6
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.FlyStudio.R2520
ALYac	Gen:Variant.EvilEPL.6
Cylance	unsafe
Panda	Trj/Genetic.gen
Zoner	Probably Heur.ExeHeaderL
Rising	Worm.Win32.Autorun.fje (CLASSIC)
Yandex	Worm.FlyStudio.AXW.Gen
SentinelOne	Static AI – Malicious PE
MaxSecure	Not-a-Virus.FlyStdio.L
Fortinet	W32/PckdFlyStudio.gen
AVG	Win32:ScramEPL [Cryp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Worm:Win/FlyStudio.IH

How to remove Worm:Win32/Autorun.GX?

Worm:Win32/Autorun.GX removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X