Cutwail.gen.o
Cutwail.gen.o is a generic detection for a Trojan that connects to various remote computer when executed. Cutwail.gen.o can also drop additional malware and modifies system setting and Windows registry to add its own value.
Alias: Backdoor.Win32.HareBot.anq, Mal/Harebot-A, Trojan.Pandex, Trojan:Win32/Malagent
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
How to Remove Cutwail.gen.o:
FIRST AID TO STOP Cutwail.gen.o:
If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Cutwail.gen.o, please restore Windows to previous configuration.
MANUAL REMOVAL OF Cutwail.gen.o:
1. Update installed anti-virus application to have the latest definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete/Modify any values added to the registry if present. Refer to associated Windows Registry Entries.
- Click on Start. Search or Run regedit.exe to begin registry editor.
Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Portable Antivirus:
Most of the time, Trojan associated with a rogue program will disable Windows functionalities and prevent the compromised computer from executing any application including antivirus program locally installed. If this happens, you can try using a McAfee Portable Antivirus called Stinger. You can download it for free.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- This Trojan can create directories and files.
- Cutwail.gen.o modifies the registry.
- Connects to a list of predefined sites using port 443 (SSL).
Malicious Files Added by Cutwail.gen.o:
•%UserProfile%\imPlayok.exe
•%System%\imPlayok.exe
File Location for Windows Versions:
- %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
- %System% for all versions of Windows it is located under C:\Windows\System32
Associated Windows Registry Entries:
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = “%System%\imPlayok.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = “%UserProfile%\imPlayok.exe”