Virus Profile: Generic.e!71CDC3201116

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 8/28/2015
Date Added: 8/28/2015
Origin: Unknown
Length: Varies
Type: Virus
Subtype: Win32
DAT Required: N/A

This is a virus detection. Viruses are programs that self-replicate recursively: infected systems spread the virus to other systems, which then propagate it further. While many viruses carry a destructive payload, it is quite common for a virus to do nothing more than spread from one system to another.

Aliases –

  • Microsoft - Trojan:Win32/Bagsu!rfn
  • Symantec - Trojan.Gen

Indication of Infection

Presence of the files, registry entries and network connections listed under Virus Characteristics below.

Methods of Infection

“Generic.e!71CDC3201116” searches local drives, removable drives and network shares for Windows PE executable files to infect. It replaces the original entry point of each file it infects with its viral code and appends itself to the last section of the PE image.
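The infection style described above (entry point redirected into code appended to the last section) leaves a structural trace that defenders can triage for without a signature. The following Python script is an added example, not code from this profile or from McAfee: it parses the PE section table and flags an image whose AddressOfEntryPoint falls in the last section, or in a section that is both writable and executable. The `build_pe` helper, the `CLEAN_IMAGE`/`APPENDED_IMAGE` layouts and all function names are assumptions constructed for this example; the images are header-only PE32 blobs with made-up section layouts so the check runs offline.

```python
import struct
from typing import List, NamedTuple, Optional, Tuple

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    characteristics: int


def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) of a PE image; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append(Section(name, vaddr, vsize, chars))
    return entry_point, sections


def entry_point_index(entry_point: int, sections: List[Section]) -> Optional[int]:
    """Index of the section whose RVA range contains the entry point, or None."""
    for i, s in enumerate(sections):
        if s.virtual_address <= entry_point < s.virtual_address + s.virtual_size:
            return i
    return None


def suspicious_entry_point(data: bytes) -> List[str]:
    """Return human-readable reasons the entry point looks tampered with (empty = nothing noted)."""
    entry_point, sections = parse_pe(data)
    if not sections:
        return ["image has no sections"]
    idx = entry_point_index(entry_point, sections)
    if idx is None:
        return ["entry point 0x%x lies outside every section" % entry_point]
    sec = sections[idx]
    reasons = []
    # Appending infectors place their code in the last section and point the entry point at it.
    if idx == len(sections) - 1 and len(sections) > 1:
        reasons.append("entry point is in the last section (%s)" % sec.name)
    # A section that is both writable and executable is unusual for compiler output.
    if sec.characteristics & IMAGE_SCN_MEM_WRITE and sec.characteristics & IMAGE_SCN_MEM_EXECUTE:
        reasons.append("entry point section %s is writable and executable" % sec.name)
    # The entry point should sit in something marked as code.
    if not sec.characteristics & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        reasons.append("entry point section %s is not marked as code" % sec.name)
    return reasons


def build_pe(entry_point: int, sections: List[Section]) -> bytes:
    """Build a constructed, header-only PE32 image (no real code) so the check can run offline."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_point) + b"\0" * (224 - 20)
    table = b"".join(
        s.name.encode("ascii").ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", s.virtual_size, s.virtual_address, s.virtual_size,
                      0, 0, 0, 0, 0, s.characteristics)
        for s in sections
    )
    return dos + b"PE\0\0" + coff + opt + table


# Constructed layouts: a normal build starting in .text, and one where the last
# section has been grown, made writable+executable and given the entry point.
CLEAN_IMAGE = build_pe(0x1000, [
    Section(".text", 0x1000, 0x500, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    Section(".data", 0x2000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    Section(".rsrc", 0x3000, 0x100, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
])
APPENDED_IMAGE = build_pe(0x3100, [
    Section(".text", 0x1000, 0x500, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    Section(".data", 0x2000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    Section(".rsrc", 0x3000, 0x1200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
            | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("appended", APPENDED_IMAGE)):
        print(label, suspicious_entry_point(image) or ["nothing noted"])
```

Run it over real files by replacing the constructed images with `open(path, "rb").read()`. Treat a hit as a triage signal rather than a verdict: runtime packers such as UPX also place the entry point in a late section, so a flagged file still needs a scan with current engine and DAT files or a closer look at the section contents.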

Virus Characteristics

“Generic.e!71CDC3201116” is a parasitic virus that infects Win32 PE executable files.

Upon execution, the virus tries to connect to the following addresses:

  • 112.[removed].12
  • irc.s[removed]

Upon execution, the following file is added to the system:

  • %TEMP%\lsass.exe

The following registry entries ensure that the virus is executed at every system startup:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Firewall: "%TEMP%\lsass.exe"
  • HKEY_USER\S-1-5-21-[varies]\Software\Microsoft\Windows\CurrentVersion\Run\Windows Firewall: "%TEMP%\lsass.exe"

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system registry and/or INI files for the purpose of hooking system startup will be removed when cleaning with the recommended engine and DAT combination (or higher).
