Cutwail.gen.o

Cutwail.gen.o is a generic detection for a Trojan that connects to various remote computers when executed. Cutwail.gen.o can also drop additional malware, and it modifies system settings and the Windows registry to add its own value.

Alias: Backdoor.Win32.HareBot.anq, Mal/Harebot-A, Trojan.Pandex, Trojan:Win32/Malagent

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

How to Remove Cutwail.gen.o:

FIRST AID TO STOP Cutwail.gen.o:
If this virus has infected the system, the registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Cutwail.gen.o, please restore Windows to that previous configuration.

MANUAL REMOVAL OF Cutwail.gen.o:
1. Update the installed anti-virus application so that it has the latest definition file.
2. Reboot Windows in Safe Mode.
– After turning on the power, press F8 on the keyboard.
– Select Safe Mode from the menu.

3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete/modify any values added to the registry if present. Refer to Associated Windows Registry Entries.
– Click on Start. Search for or run regedit.exe to open Registry Editor.

Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.

5. Exit Registry Editor and restart Windows.

ADDITIONAL TOOLS AND PROGRAMS:

Scan with Portable Antivirus:
Most of the time, a Trojan associated with a rogue program will disable Windows functionality and prevent the compromised computer from executing any application, including a locally installed antivirus program. If this happens, you can try using a McAfee portable antivirus tool called Stinger. You can download it for free.

Technical Details and Additional Information:

Other functionalities of this Trojan:
– This Trojan can create directories and files.
– Cutwail.gen.o modifies the registry.
– Connects to a list of predefined sites using port 443 (SSL).

Malicious Files Added by Cutwail.gen.o:
• %UserProfile%\imPlayok.exe
• %System%\imPlayok.exe

File Location for Windows Versions:

  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.
  • %System% is located under C:\Windows\System32 for all versions of Windows.

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = "%System%\imPlayok.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = "%UserProfile%\imPlayok.exe"
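
A read-only check for the files and Run values listed above, written as an added example that is not part of the original write-up. It assumes Windows PowerShell is available on the machine and that %System% resolves to C:\Windows\System32 as stated above; the variable names are illustrative.

```powershell
# Read-only check for the Cutwail.gen.o artifacts listed on this page.
# Nothing is deleted or modified; the script only reports what it finds.

$valueName = 'imPlayok'        # Run value name given on the page
$fileName  = 'imPlayok.exe'    # dropped file name given on the page

# %UserProfile% and %System% as the page defines them (assumed default layout)
$candidateFiles = @(
    (Join-Path $env:USERPROFILE $fileName),
    (Join-Path (Join-Path $env:SystemRoot 'System32') $fileName)
)

# The two autostart keys named under "Associated Windows Registry Entries"
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

foreach ($path in $candidateFiles) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # -Force so hidden or system-flagged files are still returned
        $item = Get-Item -LiteralPath $path -Force
        $findings += New-Object PSObject -Property @{
            Type     = 'File'
            Location = $path
            Detail   = "size=$($item.Length) modified=$($item.LastWriteTime)"
        }
    }
}

foreach ($key in $runKeys) {
    # Returns nothing (error suppressed) when the value is not present
    $entry = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($entry) {
        $findings += New-Object PSObject -Property @{
            Type     = 'RunValue'
            Location = "$key\$valueName"
            Detail   = $entry.$valueName   # the command line the value launches
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the files or Run values listed on this page were found.'
} else {
    $findings | Select-Object Type, Location, Detail | Format-Table -AutoSize -Wrap
}
```

Run it once per user profile, since the HKEY_CURRENT_USER key and %UserProfile% path belong to whichever account runs the script.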