Trojan.Win32.Genome

Trojan.Win32.Genome is a harmful threat that spreads via instant messaging software and carries an additional payload: it downloads and executes variants of W32.Spybot.Worm on the compromised computer. In addition, Trojan.Win32.Genome interferes with your connection to security-related web sites, ensuring that no updates are downloaded onto the infected computer.

Aliases: Mal/Generic-A, Generic.dx, W32.Kelvir, W32/Generic.worm!im

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Windows Vista/7

Characteristics
When Trojan.Win32.Genome is executed, it connects to a specified command and control (C&C) server. Once the connection is established, the Trojan downloads a malicious file. This file is hard to identify because it uses a random file name. Trojan.Win32.Genome then infects certain system files so that its code is launched each time you start Windows.

It has also been observed that Trojan.Win32.Genome is used to alter the settings of the victim's Internet browser. These changes can result in browser redirection, search result hijacking, and an unknown home page setting. Search result hijacking is the most apparent to victims: reports show that after searching the web with Google, the user is redirected to an unknown web site after clicking on any of the results. This is an income-generating scheme: the landing page delivers advertisements that earn a profit for the referrer when clicked or viewed.

Distribution
Trojan.Win32.Genome normally spreads through instant messaging applications. It is sent as an attached file or a link that, when executed, downloads malicious code onto the victim's computer.

Signs and Symptoms of Trojan.Win32.Genome Infection:

Trojan.Win32.Genome will disable your antivirus program
Once a Trojan infects a computer, it tends to lower security settings and disable the firewall and antivirus program. Trojan.Win32.Genome carries out this task to ensure that antivirus software will not respond to the attack.

Blocks Internet access to security web sites
Trojan.Win32.Genome attacks the core of the security system. Aside from disabling antivirus software, this Trojan also blocks your access to security web sites to prevent the download of any removal tools.
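Two of the symptoms described on this page (a dropped file with a random name that is started with Windows, and blocked access to security vendor web sites) can be checked for with a small triage script. The following is an added example written for this page, not code from the original article or from any vendor tool. It assumes the blocking is done by overriding vendor hostnames in the local hosts file, which is one common way such Trojans achieve this, and the hosts content and autorun entries it inspects are constructed samples embedded inline so that it runs offline.

```python
import math
import ntpath
from collections import Counter

# Constructed sample of a Windows hosts file after tampering: several security
# vendor names are pinned to loopback or to an unrelated address so that update
# and removal-tool downloads fail. These lines are invented for this example.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com
127.0.0.1       update.symantec.com
127.0.0.1       www.kaspersky.com
10.0.0.5        downloads.malwarebytes.org
"""

# Constructed sample of HKCU/HKLM ...\Run entries as (value name, command path).
SAMPLE_RUN_ENTRIES = [
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
    ("Updater", r"C:\Users\Public\x7k2qw9f4bm1.exe"),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

# Substrings that mark a hostname as security-related (assumed list; extend as needed).
SECURITY_KEYWORDS = ("symantec", "kaspersky", "malwarebytes", "mcafee", "sophos",
                     "avast", "avg", "eset", "microsoft", "windowsupdate")


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def find_blocked_security_hosts(text):
    """Hosts entries that map a security vendor name locally.

    A legitimate system resolves these names through DNS, so any static
    override in the hosts file (to loopback or anywhere else) is suspicious."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if name != "localhost" and any(k in name for k in SECURITY_KEYWORDS)]


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(filename, threshold=3.5):
    """Heuristic for a randomly generated file name: the stem mixes letters and
    digits and has high per-character entropy. Ordinary Windows binaries
    (ctfmon.exe, win32k.sys) stay below the threshold."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6:
        return False
    has_digit = any(ch.isdigit() for ch in stem)
    has_alpha = any(ch.isalpha() for ch in stem)
    return has_digit and has_alpha and shannon_entropy(stem.lower()) >= threshold


def flag_random_autoruns(entries):
    """Autorun entries whose target executable has a random-looking name."""
    return [(name, path) for name, path in entries
            if looks_random(ntpath.basename(path))]


if __name__ == "__main__":
    for ip, host in find_blocked_security_hosts(SAMPLE_HOSTS):
        print(f"hosts override for security site: {host} -> {ip}")
    for name, path in flag_random_autoruns(SAMPLE_RUN_ENTRIES):
        print(f"autorun entry with random-looking target: {name} = {path}")
```

On a real machine the hosts text would be read from `%SystemRoot%\System32\drivers\etc\hosts` and the Run entries from the registry; the entropy threshold is a tuning knob, so treat a hit as a lead for manual inspection rather than a verdict.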

Presence of Trojan.Win32.Genome reduces PC's performance
Trojans are known to reside in memory, where they consume resources and cause the computer to slow down. In some cases the infected computer crashes due to insufficient resources.

Other Functions of Trojan.Win32.Genome:

  • Trojan.Win32.Genome can communicate with a remote server to download more threats
  • It can infect executable files on local and network drives
  • This hazardous Trojan can connect to a remote server to update its configuration
  • Some variants of Trojan.Win32.Genome can destroy system files, making the computer unstable
  • This Trojan can open a backdoor that allows an attacker to control the infected PC

How to Remove Trojan.Win32.Genome

Step 1 - Run a thorough scan using your antivirus program

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definitions. This ensures that your antivirus program can detect even newer variants of Trojan.Win32.Genome.

3. Start Windows in Safe Mode with Networking.
- From a powered-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only the necessary drivers and system files.


4. Open your antivirus program and run a full system scan. After the scan, delete all infected items; if they cannot be deleted, place them in quarantine. Once the scan is complete, proceed with the next step.

Step 2 - Double-check with Online Virus Scanner

Another way to remove Trojan.Win32.Genome without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. This may require plug-ins, add-ons or ActiveX objects; install them if you want to proceed with the scan.


6. After completing the necessary downloads, your system is ready for online virus scanning.
7. Select an option that scans the computer thoroughly, to make sure it finds and removes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, restart the computer in normal mode.

Step 3 - Automatic Removal of Trojan.Win32.Genome files and registry entries

To completely remove the threat, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes Trojans block the download and installation of MBAM. If this happens, download it on a clean computer and rename the executable file before running it on the infected machine.

4 Comments

  1. Steve

    A-Squared (free trial period) will detect (Win32.Genome.gsy) and give one the option to quarantine or delete it.

  2. ESO

    I’m not sure why it’s labeled “LOW RISK” – when I quarantined this last night it took important drivers with it, and crashed my machine.

  3. Lee

    Well, A-squared constantly finds this and quarantines it; the next time I check again, it’s back, along with more! It definitely comes up with High Risk and is located in SVI restore! Perhaps that’s why it’s constantly coming back?
    So, how do I remove it permanently?

  4. Hi

    Please, does anyone know how to remove this virus completely?

    Hope to see your comments.

    Thanks
    Ajith
