The following file is dropped in the same folder: the worm ensures it is started each time infected media is inserted into the computer. The system.exe file is a copy of itself, while the autorun.inf contains the following strings:

[autorun]
open=system.exe
shellexecute=system.exe
shell\Explore\command=system.exe
The following instructions have been created to help you to get rid of "Win32.AutoRun" manually. Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper. If this guide was helpful to you, please consider donating towards this site. Threat Details: Categories: trojan
Open the new GPO, and then move to the following folder: Computer Configuration\Windows Settings\Security Settings\Registry. Right-click Registry, and then click Add Key. In the Select Registry Key dialog box, expand Machine, and then move to the following folder: Software\Microsoft\Windows NT\CurrentVersion\Svchost.
Download tools developed by Kaspersky for detecting and removing file-encrypting ransomware, rootkits and other malware. Decrypts files with jpg, doc, pdf and rar extensions affected by Trojan-Ransom.Win32.Rector malware. For instructions on how to use the tool, see this article
What is Win32Trojan-gen infection? In this short article you will locate regarding the interpretation of Win32Trojan-gen as well as its adverse effect on your is a heuristic detection designed to detect a Trojan Virus generically. Due to the generic nature of this threat, we cannot provide specific all variants of this virus information on what it the majority of the instances, Win32Trojan-gen infection will certainly instruct its targets to start funds move for the function of counteracting the modifications that the Trojan infection has actually introduced to the target's Summary These adjustments can be as complies with Executable code extraction. Cybercriminals often use binary packers to hinder the malicious code from being reverse-engineered by malware analysts. A packer is a tool that compresses, encrypts, and modifies a malicious file's format. Sometimes packers can be used for legitimate ends, for example, to protect a program against cracking or inter-process; Injection Process Hollowing; Creates RWX memory. There is a security trick with memory regions that allows an attacker to fill a buffer with a shellcode and then execute it. Filling a buffer with shellcode isn't a big deal, it's just data. The problem arises when the attacker is able to control the instruction pointer (EIP), usually by corrupting a function's stack frame using a stack-based buffer overflow, and then changing the flow of execution by assigning this pointer to the address of the data out of its own binary image. The trick that allows the malware to read data out of your computer's you run, type, or click on your computer goes through the memory. This includes passwords, bank account numbers, emails, and other confidential information. With this vulnerability, there is the potential for a malicious program to read that binary likely contains encrypted or compressed data.
In this case, encryption is a way of hiding virus' code from antiviruses and virus' a process and injected code into it, probably while unpacking; Collects information about installed applications; Creates a hidden or system file. The malware adds the hidden attribute to every file and folder on your system, so it appears as if everything has been deleted from your hard activity detected but not expressed in API logs. Microsoft built an API solution right into its Windows operating system it reveals network activity for all apps and programs that ran on the computer in the past 30-days. This malware hides network a copy of itself; Anomalous binary characteristics. This is a way of hiding virus' code from antiviruses and virus' the papers found on the target's disk drive - so the target can no longer utilize the data; Preventing routine accessibility to the sufferer's workstation. This is the typical behavior of a virus called locker. It blocks access to the computer until the victim pays the behavior Related details How to remove Win32Trojan-gen ransomware? Are Your Protected? One of the most normal networks through which Win32Trojan-gen is infused is By ways of phishing emails; As an effect of user ending up on a resource that organizes a harmful software program; As soon as the Trojan is successfully injected, it will certainly either cipher the information on the target's computer or avoid the tool from functioning correctly - while additionally putting a ransom money note that points out the requirement for the sufferers to effect the repayment for the objective of decrypting the documents or restoring the documents system to the first problem. In most circumstances, the ransom money note will come up when the customer restarts the PC after the system has already been distribution different corners of the world, Win32Trojan-gen grows by leaps and bounds.
Nevertheless, the ransom notes and techniques of obtaining the ransom quantity might vary depending upon specific local local setups. The ransom money notes and methods of obtaining the ransom money quantity may vary depending on particular regional local instance Faulty informs concerning unlicensed software specific locations, the Trojans often wrongfully report having detected some unlicensed applications enabled on the sufferer's tool. The sharp then requires the individual to pay the statements about unlawful nations where software application piracy is much less popular, this technique is not as efficient for the cyber frauds. Conversely, the Win32Trojan-gen popup alert might wrongly assert to be deriving from a police organization as well as will certainly report having located youngster pornography or other prohibited information on the popup alert may incorrectly claim to be acquiring from a law enforcement establishment and also will report having located child porn or various other prohibited data on the device.
The alert will similarly contain a demand for the user to pay the ransom details File Info type PE32 executable GUI Intel 80386, for MS Windows Version Info LegalCopyright © IBE Software 2016 All rights Performed FileVersion IBE Software PrivateBuild © IBE Software 2016 All rights Performed ProductVersion River Sdr Programming Interaction Ripe Translation 0x0409 0x04b0 Win32Trojan-gen also known as W 0040eff71 K7AntiVirusRiskware 0040eff71 BitDefenderThetaGenaqRyK4jiSymantecDownloader RDMK5yaTH2P+g6mTgocX8vX4rwEndgamemalicious high confidence ai score=100 variant of Win32/ to remove Win32Trojan-gen ransomware? Unwanted application has often come with other viruses and spyware. This threats can steal account credentials, or crypt your documents for why I would recommend GridinSoft1 The is an excellent way to deal with recognizing and removing threats - using Gridinsoft Anti-Malware. This program will scan your PC, find and neutralize all suspicious GridinSoft can download GridinSoft Anti-Malware by clicking the button below Run the setup the setup file has finished downloading, double-click on the file to install GridinSoft Anti-Malware on your system. An User Account Control asking you about to allow GridinSoft Anti-Malware to make changes to your device. So, you should click "Yes" to continue with the installation. Press "Install" button. Once installed, Anti-Malware will automatically run. Wait for the Anti-Malware scan to Anti-Malware will automatically start scanning your system for Win32Trojan-gen files and other malicious programs.
This process can take 20-30 minutes, so I suggest you periodically check on the status of the scan process. Click on "Clean Now". When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. Click on the "Clean Now" button in the right corner to remove them. Are Your Protected? GridinSoft Anti-Malware will scan and clean your PC for free in the trial period. The free version offers real-time protection for the first two days. However, if you want to be fully protected at all times - I can recommend you purchase a full version Full version of GridinSoft Anti-Malware If the guide doesn't help you remove Win32Trojan-gen, you can always ask me in the comments to get Anti-Malware Review from HowToFix site information about GridinSoft products the author Robert Bailey Security Engineer. Interested in malware, reverse engineering, white ethical hacking. I like coding, travelling and bikes.
What Is Win32Malware-gen and How to Remove It?

By Linda. Last Updated March 17, 2020.

Is your computer infected by Win32Malware-gen? Has the antivirus detected a Win32Malware-gen file? What is that and how to remove that virus? If you don't know how to deal with it, you can read this post, in which MiniTool offers you

What Is Win32Malware-gen?

Hello, can someone please help me understand when some file is marked as Win32Malware-gen? -

Win32 Malware-gen is a specific detection named by antivirus. When you download a file, antivirus will use a variety of methods to determine whether the file is malicious, from comparing a file's contents against a database of known threats to analyzing the behavior or structure of a program to see if it exhibits patterns commonly found in malware. Then, this antivirus identifies it as a generic threat, because this file appears suspicious but does not match any known threat. When your anti-virus program warns you that it detected Win32Malware-gen on your computer, it indicates that a 32-bit file on your Windows PC may be malicious.

Win32Malware-gen might sometimes indicate a false positive. But in most cases, the file identified as Win32Malware-gen is really a virus. Usually, Win32Malware-gen is a Trojan Horse that is capable of performing various tasks such as: downloading, installing or running malware on the targeted computer; operating as a keylogger and collecting sensitive data, including logins, passwords, credit card information, etc.; allowing remote access to the affected computer; displaying aggressive pop-ups, banners, in-text and other ads that might be not only annoying but malicious as well.
Apparently, these operations will modify Windows system files, steal personal details, and eventually cause money loss, identity theft, etc.

How Does It Get Inside the Computer?

Just like other Trojan horses, Win32Malware-gen rarely attacks the computer by exploiting system vulnerabilities; it gets inside the computer by tricking users into installing it instead. This malware may infiltrate the system when you open an infected email attachment, download illegal or obfuscated programs, install fake updates, or click on a malware-laden ad or download content from it. Therefore, to protect your computer against malware, here are some points you should pay attention to when you surf the internet:

Install software or updates from the official developer's websites.
Do not use unknown file-sharing websites or P2P networks.
Do not click on aggressive or eye-catchy pop-ups. Some malware may display a popup that warns about available updates or delivers other security alerts. If you click it without caution, the malware will be installed on your PC.
Enable anti-virus software that ensures real-time protection.
Avoid visiting potentially dangerous websites, such as gaming, gambling or adult-themed.
Check the information about the sender before opening an unknown attachment included in the email.

If you adhere to these tips, there's no way for malware to enter your PC.

How to Delete Win32Malware-gen?

In general, most reputable malware removal programs can identify and remove Win32Malware-gen safely. If you suspect infiltration of malware, you should run an antivirus scan. As for antivirus programs, Windows Defender, Avast, Malwarebytes, AVG AntiVirus, Bitdefender Antivirus are OK. Besides, if the above antivirus software fails to remove Win32Malware-gen, you can try removing it manually. Here is the tutorial:

Step 1: Boot into Safe Mode.
Step 2: End the virus process in Task Manager.
Use the Ctrl + Shift + Esc keyboard shortcut to launch the Task Manager. Navigate to the Processes tab and then click on the More details arrow at the bottom. Search for all the problematic processes and right-click them to end these processes.
Step 3: Uninstall suspicious entries in Control Panel. Hold together the "Windows + R" keys. Type "cpl" into the Run box and then click OK. In the Control Panel, look for suspicious entries to uninstall them.
Step 4: Disable unknown startup programs. Type "msconfig" in the search field and hit Enter. Skip to Startup tab and uncheck entries that have "Unknown" as Manufacturer or otherwise look suspicious.
Step 5: Delete entries in Registry Editor. Type "regedit" in the Windows search field and press Enter. Press the Control and F keys together and then type the virus' name to look for all the entries with a similar name. Then, delete these entries.

About The Author. Position: Columnist. Linda has been working as an editor at MiniTool for 1 year. As a fresh man in IT field, she is curious about computer knowledge and learns it crazily. Maybe due to this point, her articles are simple and easy to understand. Even people who do not understand computer can gain something. By the way, her special focuses are data recovery, partition management, disk clone, and OS migration.
When you use Avast to detect your PC, it may detect a file called Win32Evo-gen. You may wonder is it a virus and how to remove it if is a virus. Now, read this post from MiniTool to get detailed information about Win32

What Is Win32Evo-gen?

What is Win32Evo-gen? Win32Evo-gen is also called Win32Evo-gen [Susp], which is the infection code detected by Avast antivirus software. When a Trojan horse is found on the system, or a file/application seems to have a Trojan horse-like function or such behavior, it will be displayed. Win32 Evo-gen is a detection alert that Steam users and online gamers encounter more often than other Internet browsers. However, the Win32Evo-gen code can also be a false positive, so you should double-check the file before removing it from the system.

How Does Win32Evo-gen Destroy Your PC?

Win32Evo-gen infection can usually install itself by copying its executable file to a Windows or Windows system folder, and then modify the registry to run this file every time the system starts. Win32Evo-gen [Susp] usually modifies the following sub-items:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

The Win32Evo-gen virus will perform some or all of the following actions:

Use your computer to commit click fraud.
Record your keystrokes and visited sites.
Random web page text becomes a hyperlink.
Download and install other malicious software.
Allow remote malicious hackers to access your PC.
The advertising banner is injected into the web page you are visiting.
A browser pop-up window appears, recommending fake updates or other software.
Send information about your PC including username and browsing history to remote malicious hackers.

All these operations may appear on the screen along with the slowness of the system and system crashes.

How to Remove Win32Evo-gen?

How to remove Win32Evo-gen? If your computer is infected by Win32Evo-gen and it can't boot normally, you should try to restart your computer to Safe Mode with the network connection or perform the system restore to delete the virus. The instructions are as follows:

Way 1: Manually Delete Using Safe Mode

Step 1: Access Safe Mode with Networking
It's recommended to remove the Win32Evo-gen virus in the Safe Mode.
(1) Access Safe Mode in Windows 7/Vista/XP: Restart your PC and press the F8 key or other keys, it all depends on your motherboard model to enter Advanced Boot Options. Then, use the arrow key to select Safe Mode with Networking.
(2) Access Safe Mode in Windows 8/10:
1. Press the Windows + I keys at the same time to open the Settings application.
2. Click the Update & Security part. Then, go to the Recovery tab. Under the Advanced start-up part, click Restart now.
3. Select Troubleshoot > Advanced options > Startup Settings. Then, press Restart and use the arrow key to choose 5 Enable Safe Mode with Networking.

Step 2: Close Suspicious Processes
If Win32Evo-gen is running a process, you need to close the process in Task Manager.
1. Press the Ctrl + Shift + Esc keys at the same time to open Task Manager.
2. Click More details. Then, scroll down to the background processes section and look for any suspicious content. Right-click the suspicious process and select Open file location.
3. Go back to the process, right-click it and select End Task. Then, delete the contents of the malicious folder from the location you opened just now.

Step 3: Check Program Startup
1. Open Task Manager again and navigate to the Start-up tab.
2. Right-click the suspicious program and click Disable.

Step 4: Delete the Win32Evo-gen Virus Folder
1.
Press the Windows + S keys at the same time to open the search. Then type Disk Cleanup and select the first option.
2. Select the drive you want to clean. C is your main drive by default and is likely to be the one that has malicious files in.
3. Scroll down the listed files under Files to delete, find, and delete the following ones: Temporary Internet Files, Downloads, Recycle Bin, Temporary files.
4. Click the Clean up system files option and click OK to start cleaning.
5. You can also look for other malicious files hidden in the following folders. You need to type these entries in the Search box and press Enter.
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%

Way 2: Perform a System Restore

You can also perform a system restore to remove the Win32Evo-gen virus. But you need to notice that you can try this method only if you have created a system restore point. Here are the steps.

Step 1: Enter Safe Mode with Command Prompt
(1) Access Safe Mode in Windows 7/Vista/XP: Restart your PC and press the F8 key or other keys, it all depends on your motherboard model to enter Advanced Boot Options. Then, use the arrow key to select Safe Mode with Command Prompt.
(2) Access Safe Mode in Windows 8/10: Enter Safe Mode and choose 6 Enable Safe Mode with Command Prompt.

Step 2: Restore System Files and Settings
1. Once the Command Prompt window is displayed, input cd restore and press the Enter key.
2. Then, input and press the Enter key.
3. When a new window appears, click Next and select the restore point before Win32Evo-gen infection. When finished, click Next.
4. Now, click Yes to start the system restore.

Once you restore the system to the previous date, you can run the antivirus tool to scan your computer to make sure you have removed the Win32Evo-gen virus.

How to Prevent Virus from Infecting Your PC

After removing the virus, you should take some actions to prevent your computer from being infected again. Here are some useful suggestions for your reference.
Install antivirus software and keep it up to date and run regularly scheduled scans with your antivirus software. You may be interested in this post - Is Antivirus Necessary for Windows 10/8/7? Get the Answer Now!
Keep your operating system up to date.
Secure your network and don't use open Wi-Fi.
Use multiple strong passwords to keep your privacy safe. This post can be helpful to you - Configure Windows 10 from These 3 Aspects to Protect Your Privacy.
Back up your files regularly.

Backing up files and data regularly lets you recover them when you lose your data because of the virus intrusion. Speaking of backup, MiniTool ShadowMaker is worth recommending. It is an all-around and professional backup software designed for Windows 11/10/8/7, providing you with a data protection & disaster recovery solution. Now you can download and try MiniTool ShadowMaker Trial Edition to do the backup task.

Let's see how to use MiniTool ShadowMaker to back up your files.

Step 1: Double-click MiniTool ShadowMaker to launch it on your computer, then click Keep Trial to get into its main interface.
Step 2: Go to the Backup page. You can find that MiniTool ShadowMaker selects the operating system as the backup source by default. To directly create a system image backup, go to Step 3. If you want to back up files, click Source > Folders and Files, and then choose the files that you want to back up. Click OK.
Step 3: Click the Destination button, choose a destination to save your backup files, and then click OK. It is highly recommended to select an external hard drive to save your backup.
Step 4: At last, click Back up Now to start the backup for your computer, or you can click Back up Later to delay the task.

Tip: To back up files automatically, you can click Schedule on the Backup page. MiniTool ShadowMaker can back up your important files regularly after turning this feature on to specify a time point.
You can use another feature of MiniTool ShadowMaker to back up files: Sync. Here is how to sync files:

Step 1: After launching MiniTool ShadowMaker, go to the Sync page.
Step 2: Click the Source and Destination module to choose the files that you want to sync and the storage path.
Step 3: Click the Sync Now button to immediately perform the sync process.

Also see: 5 Useful Solutions to Sync Files Among Multiple Computer

The following are some features of MiniTool ShadowMaker:

Back up files automatically based on your needs via 2 methods - create an image for files and sync files.
Back up the entire disk and selected partition.
Clone your disk to another one.
Support full backup, incremental backup, and differential backup.
Back up your PC to an external hard drive, USB drive, NAS, etc. You can read this post - What Is a NAS Drive and How to Do a NAS Backup on Windows 10.
MiniTool ShadowMaker also supports restoring a Windows backup to a different PC with dissimilar hardware. This post - How Can You Do Windows Backup Restore to Different Computer can help you do that.

Further Reading

The virus is one of the culprits that cause the loss of pictures, documents, videos, and other important files. When your documents, system files, and images are encrypted by them, more serious damage can be caused. In particular, ransomware is a type of malware that focuses on such functions. If your files are lost and you want to recover them, you can use MiniTool Power Data Recovery, a file recovery tool. This software is specially designed to recover data from all kinds of drives. It can detect the hidden drive on your computer. With the free edition of this software, you can scan the target hidden drive and check whether it can find the files you want to recover.

Tip: To recover lost files, this post - How To Easily Recover Deleted/Lost Files On PC In Seconds - Guide can satisfy your demands.
Final Words To sum up, this post has shown what Win32Evo-gen is, how it destroys your computers, how to perform Win32Evo-gen virus removal, and how to prevent the computer from Win32Evo-gen virus. If you have any different ideas of the Win32Evo-gen virus, you can share them in the comment zone. If you have any problem with MiniTool software, please feel free to contact us via the email [email protected] and we will reply to you as soon as possible.
What is Win32/ infection? In this post you will certainly locate regarding the definition of Win32/ and its adverse effect on your computer. Such ransomware are a form of malware that is elaborated by on-line scams to demand paying the ransom money by a of the situations, Win32/ virus will instruct its targets to launch funds transfer for the function of counteracting the modifications that the Trojan infection has actually introduced to the victim's Summary These modifications can be as adheres to Attempts to interact with an Alternate Data Stream (ADS); Anomalous binary characteristics. This is a way of hiding virus' code from antiviruses and virus' the records found on the sufferer's hard drive - so the sufferer can no longer make use of the information; Preventing normal access to the sufferer's workstation. This is the typical behavior of a virus called locker. It blocks access to the computer until the victim pays the details How to remove Win32/ ransomware? Are Your Protected? The most regular networks whereby Win32/ Trojans are infused are By methods of phishing emails; As a repercussion of individual winding up on a resource that hosts a malicious software program; As soon as the Trojan is efficiently injected, it will either cipher the information on the sufferer's computer or stop the tool from operating in a correct way - while also placing a ransom note that discusses the demand for the victims to impact the payment for the objective of decrypting the documents or bring back the data system back to the first problem. In most instances, the ransom note will certainly turn up when the client restarts the COMPUTER after the system has actually already been circulation different edges of the world, Win32/ expands by leaps and bounds. Nevertheless, the ransom notes and tricks of extorting the ransom money quantity may differ relying on certain neighborhood regional setups.
The ransom money notes as well as techniques of obtaining the ransom quantity may vary depending on particular regional regional example Faulty signals concerning unlicensed certain locations, the Trojans frequently wrongfully report having actually detected some unlicensed applications made it possible for on the sufferer's tool. The sharp after that demands the customer to pay the ransom statements regarding unlawful web nations where software program piracy is much less preferred, this approach is not as effective for the cyber scams. Conversely, the Win32/ popup alert might falsely claim to be originating from a law enforcement organization and will report having located child porn or other prohibited data on the popup alert might wrongly assert to be obtaining from a regulation enforcement establishment and also will certainly report having located child porn or various other unlawful information on the gadget. The alert will in a similar way include a need for the customer to pay the details File Info type PE32 executable GUI Intel 80386, for MS Windows Version Info 0 [No Data] Win32/ also known as 0002d5eb1 Elasticmalicious high confidence score 100 WAlibabaRansomWin32/ 0002d5eb1 1cn723BitDefenderThetaGen BSentinelOneStatic AI - Suspicious ai score=80 CLOUD to remove Win32/ ransomware? Unwanted application has often come with other viruses and spyware.
This threats can steal account credentials, or crypt your documents for why I would recommend GridinSoft1 There is no better way to recognize, remove and prevent PC threats than to use an anti-malware software from GridinSoft can download GridinSoft Anti-Malware by clicking the button below Run the setup setup file has finished downloading, double-click on the file to install GridinSoft Anti-Malware on your system. An User Account Control asking you about to allow GridinSoft Anti-Malware to make changes to your device. So, you should click "Yes" to continue with the installation. Press "Install" button. Once installed, Anti-Malware will automatically run. Wait for the Anti-Malware scan to Anti-Malware will automatically start scanning your system for Win32/ files and other malicious programs. This process can take a 20-30 minutes, so I suggest you periodically check on the status of the scan process. Click on "Clean Now". When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them click on the "Clean Now" button in right corner. Are Your Protected? GridinSoft Anti-Malware will scan and clean your PC for free in the trial period. The free version offer real-time protection for first 2 days. If you want to be fully protected at all times - I can recommended you to purchase a full version Full version of GridinSoft Anti-Malware If the guide doesn't help you to remove Win32/ you can always ask me in the comments for getting Anti-Malware Review from HowToFix site information about GridinSoft products the author Robert Bailey Security Engineer. Interested in malware, reverse engineering, white ethical hacking. I like coding, travelling and bikes.