14 April 2014

Remove Trojan/Downloader.Geral.sie

Trojan/Downloader.Geral.sie is a generic detection used by Emsisoft Anti-Malware, Microsoft Security Essentials, Avast Antivirus and other antivirus products for a file that appears to have trojan-like features or behavior.
Files flagged as Trojan/Downloader.Geral.sie are downloaders: they fetch and install further malicious or potentially unwanted software on the affected system. Commonly the downloaded payload is a backdoor that gives remote attackers surreptitious access to the infected machine, which they can then use to upload and install yet more malicious or potentially unwanted software.

What is the Trojan/Downloader.Geral.sie infection?

Trojan/Downloader.Geral.sie is a trojan downloader: it silently retrieves and installs other programs without the user's consent, which may include additional malware or malware components.
The name is a broad, generic classification used by Microsoft Security Essentials, Windows Defender and other antivirus engines for a file that shows trojan-like features or behavior, i.e. software whose actions are categorized as potentially malicious rather than a specific, named malware family.
Part of this detection comes from the antivirus's behavior monitoring, which watches what processes do as they run. If a process acts in a potentially malicious way (for example, fetching a file from the network and executing it), the program that process is running is reported as potentially malicious, even when no specific signature matched it.
Because this is a generic detection, the installation method varies. Trojan/Downloader.Geral.sie infections often install themselves by copying their executable into the Windows folder or the Windows system folder and then adding a registry value so that the file runs at every system start. The subkey most often modified for this is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Trojan/Downloader.Geral.sie may contact a remote host at opencapture.co.kr on TCP port 80, the standard HTTP port, so that its traffic blends in with ordinary web browsing. Malware commonly contacts a remote host for the following purposes:
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer
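To check a machine for the two indicators described above (a Run-key autostart whose executable sits in the Windows or System32 folder, and traffic to opencapture.co.kr on port 80), here is an added PowerShell triage script. It is not part of the original post and not an antivirus vendor's tooling; the flagging heuristics (image location in the Windows folders, Authenticode signature status) and the choice to read the local DNS client cache instead of actively resolving the host are my own. It assumes an elevated PowerShell 4.0 or later on Windows 8 / Server 2012 or later, where Get-FileHash, Get-NetTCPConnection and Get-DnsClientCache are available.

```powershell
# Added triage script, not from the original post. Lists every autostart under the HKLM Run key
# named above, resolves each value to its executable, and flags images that sit directly in
# %windir% or %windir%\System32 (the placement described above) or that are not validly signed.
# It then looks for the C2 indicator without generating new DNS traffic: it reads the local
# DNS client cache for opencapture.co.kr and matches cached addresses against live port-80
# connections. Requires an elevated PowerShell 4.0+ on Windows 8 / Server 2012 or later.

$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$winDir = [Environment]::GetFolderPath('Windows')
$sysDir = [Environment]::SystemDirectory
$c2Host = 'opencapture.co.kr'   # remote host named in the write-up above

function Get-ImagePath {
    # Run values are full command lines; return just the executable path.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

$key = Get-Item -Path $runKey
$autostarts = $key.GetValueNames() | ForEach-Object {
    # Read the raw value so %windir%-style paths are visible as the malware wrote them.
    $raw    = $key.GetValue($_, $null, 'DoNotExpandEnvironmentNames')
    $image  = Get-ImagePath -Command $raw
    $dir    = if ($image) { Split-Path -Path $image -Parent } else { '' }
    $exists = $image -and (Test-Path -LiteralPath $image -PathType Leaf)

    $flags = @()
    if ($dir -eq $winDir -or $dir -eq $sysDir) { $flags += 'image in Windows/System32 folder' }
    if ($exists) {
        $sig = (Get-AuthenticodeSignature -FilePath $image).Status
        if ($sig -ne 'Valid') { $flags += "signature $sig" }
        $sha256 = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
    } else {
        $flags += 'file not found (inspect the raw value)'
        $sha256 = ''
    }

    [pscustomobject]@{
        Name   = $_
        Raw    = $raw
        Image  = $image
        SHA256 = $sha256      # search this on VirusTotal before uploading anything
        Review = $flags -join '; '
    }
}
$autostarts | Format-Table -AutoSize

# --- Network indicator ------------------------------------------------------------
# Read the cache instead of calling Resolve-DnsName: an active lookup from the infected
# host would itself tell the attacker's DNS server that someone is looking.
$cached = Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$c2Host*" -and $_.RecordType -eq 'A' }
if ($cached) {
    $c2Addrs = @($cached.Data)
    "DNS cache holds $c2Host -> $($c2Addrs -join ', ')"
    Get-NetTCPConnection -RemotePort 80 -ErrorAction SilentlyContinue |
        Where-Object { $c2Addrs -contains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            "Port-80 connection to $($_.RemoteAddress) from PID $($_.OwningProcess) ($($proc.ProcessName), $($proc.Path))"
        }
} else {
    "No cached DNS entry for $c2Host (no recent lookup, or cache flushed); check proxy or firewall logs instead."
}
```

An entry flagged only for living in the Windows folder is not automatically malicious, since several Microsoft components legitimately start from System32; that is why the hash is printed, so it can be looked up on VirusTotal before anything is deleted. The script reads only HKLM\...\Run; the same check applies to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and, on 64-bit Windows, to the Wow6432Node copy of the key.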

Is Trojan/Downloader.Geral.sie a False Positive?

Files reported as Trojan/Downloader.Geral.sie are not necessarily malicious. For example, users can be tricked into using non-malicious programs, such as web browsers, to unknowingly perform malicious actions like downloading malware, and some otherwise harmless programs have flaws that malware or attackers can exploit to perform malicious actions; behavior-based detection can flag the legitimate program in both cases. If you are uncertain whether a file has been reported correctly, submit it to https://www.virustotal.com/en/ to have it scanned by multiple antivirus engines. Searching VirusTotal for the file's SHA-256 hash first avoids uploading a file that may be legitimate but confidential, since uploaded samples are shared with the participating vendors.

How did the Trojan/Downloader.Geral.sie infection get on my computer?

The Trojan/Downloader.Geral.sie trojan is distributed through several means. Malicious websites, or legitimate websites that have been compromised, can infect your machine through exploit kits that abuse vulnerabilities in software on your computer (typically the browser and its plug-ins) to install the trojan without your permission or knowledge.
Another method used to propagate this type of malware is spam email carrying infected attachments or links to malicious websites. Cyber-criminals send out email with forged header information so that it appears to come from a shipping company such as DHL or FedEx. The email claims that a package could not be delivered, or that it is a notification about a shipment you have made. Either way, curiosity about what it refers to leads you to open the attached file (or click the embedded link), and with that your computer is infected with Trojan/Downloader.Geral.sie.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

Run RKill to terminate Trojan/Downloader.Geral.sie malicious processes

RKill is a program that will attempt to terminate all malicious processes associated with the Trojan/Downloader.Geral.sie infection, so that the next step can be performed without interference from the malware.
Because this utility only stops the running Trojan/Downloader.Geral.sie processes and does not delete any files, do not reboot your computer after running it: any malware configured to start automatically would simply be started again.
  1. While your computer is in Safe Mode with Networking, please download the latest official version of RKill. Note that we will use a renamed copy of RKill so that the malware cannot block the utility from running by recognising its file name.
    RKILL DOWNLOAD LINK (This link will automatically download RKill renamed as iExplore.exe)
  2. Double-click on iExplore.exe to start RKill and stop any processes associated with Trojan/Downloader.Geral.sie.
  3. RKill will now work in the background; please be patient while the program looks for Trojan/Downloader.Geral.sie malicious processes and tries to end them.
  4. When RKill has completed its task, it will generate a log. Do not reboot your computer after running RKill, as the malware programs would start again.
