Cutwail.gen.o

Cutwail.gen.o is a generic detection for a Trojan that connects to various remote computers when executed. Cutwail.gen.o can also drop additional malware and modify system settings and the Windows registry to add its own value.

Alias: Backdoor.Win32.HareBot.anq, Mal/Harebot-A, Trojan.Pandex, Trojan:Win32/Malagent

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

How to Remove Cutwail.gen.o:

FIRST AID TO STOP Cutwail.gen.o:
If this virus has infected the system, the registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Cutwail.gen.o, please restore Windows to that previous configuration.

MANUAL REMOVAL OF Cutwail.gen.o:
1. Update the installed anti-virus application so that it has the latest definition file.
2. Reboot Windows in Safe Mode.
– After turning on the power, press F8 on the keyboard.
– Select Safe Mode from the menu.

3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete or modify any values added to the registry, if present. Refer to Associated Windows Registry Entries.
– Click on Start. Search for or run regedit.exe to open Registry Editor.


5. Exit registry editor and restart Windows.

ADDITIONAL TOOLS AND PROGRAMS:

Scan with Portable Antivirus:
Most of the time, a Trojan associated with a rogue program will disable Windows functionality and prevent the compromised computer from executing any application, including a locally installed antivirus program. If this happens, you can try using a McAfee Portable Antivirus called Stinger. You can download it for free.

Technical Details and Additional Information:

Other functionalities of this Trojan:
– This Trojan can create directories and files.
– Cutwail.gen.o modifies the registry.
– Connects to a list of predefined sites using port 443 (SSL).

Malicious Files Added by Cutwail.gen.o:
• %UserProfile%\imPlayok.exe
• %System%\imPlayok.exe

File Location for Windows Versions:

  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.
  • %System% is located under C:\Windows\System32 on all versions of Windows.

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = "%System%\imPlayok.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
imPlayok = "%UserProfile%\imPlayok.exe"
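
The files and Run values listed above can be checked in one pass with a short script. This is an added example, not part of the original write-up: it assumes PowerShell 4.0 or later (needed for Get-FileHash), and the -Remove switch and variable names are hypothetical choices made for illustration.

```powershell
# Added example: audit for the Cutwail.gen.o artifacts listed on this page.
# Read-only by default; -Remove (hypothetical switch) deletes what was found.
# Run from an elevated prompt, ideally in Safe Mode, so HKLM and System32 are writable.
param([switch]$Remove)

$valueName = 'imPlayok'

# Each Run key paired with the file its value points at, as listed on the page.
# %System% is resolved with [Environment]::SystemDirectory, %UserProfile% with $env:USERPROFILE.
$indicators = @(
    @{ Key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       File = Join-Path ([Environment]::SystemDirectory) 'imPlayok.exe' },
    @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
       File = Join-Path $env:USERPROFILE 'imPlayok.exe' }
)

$findings = foreach ($i in $indicators) {
    # With SilentlyContinue, a missing key or value simply yields nothing.
    $prop = Get-ItemProperty -Path $i.Key -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) {
        [pscustomobject]@{ Type = 'RegistryValue'; Location = $i.Key; Detail = $prop.$valueName }
    }
    if (Test-Path -LiteralPath $i.File -PathType Leaf) {
        # Record a hash before any deletion so the sample can be identified later.
        $hash = (Get-FileHash -LiteralPath $i.File -Algorithm SHA256).Hash
        [pscustomobject]@{ Type = 'File'; Location = $i.File; Detail = "SHA256=$hash" }
    }
}

if (-not $findings) { Write-Output 'No listed Cutwail.gen.o artifacts found.'; return }
$findings | Format-Table -AutoSize -Wrap

if ($Remove) {
    foreach ($f in $findings) {
        if ($f.Type -eq 'RegistryValue') {
            # Deletes only the imPlayok value; other Run entries are left alone.
            Remove-ItemProperty -Path $f.Location -Name $valueName
        } else {
            # -Force is needed if the file carries hidden or read-only attributes.
            Remove-Item -LiteralPath $f.Location -Force
        }
    }
}
```

The HKCU and %UserProfile% checks apply only to the account running the script, so repeat it for each user profile on a shared machine.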

Alternative Removal Method for Cutwail.gen.o

Option 1 : Use Windows System Restore to return Windows to previous state

If Cutwail.gen.o enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved from before Cutwail.gen.o infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore.