Trojan.Generic is an undetermined parasite detected by multiple antivirus vendors from various signs. This means that the file detected is malicious. While it is impossible to figure exact nature of such detection, one can assume that this PC is compromised.
The term Trojan determines distribution methods of this parasite. All such infections are installed disguised as something else. It might be distributed using email attachments, downloads from websites, through infected USB or through web exploits. Basically, all such parasites require user interaction for infection.
The “Generic” part means that trojan performs undetermined function or it is unknown at the moment. Many fresh threats might get detected as Trojan.Generic, which means that Antivirus vendors do not know what exactly this executable does at the moment or they don’t really care. This might result in partial removal only. It is always useful to know the function trojan performs.
Another possibility is that trojan is detected by heuristic algorithm. This means that antivirus program has detected something similar to other computer parasites, like functions to hide, etc. The parasite is stopped but the real purpose of such trojan remains unclear.
The real function of such Trojans might be one or more of the following :
- Downloader : Downloads other parasites and infects system further. This is one of the most common types of Trojan infection. You should scan your system for other parasites.
- Banker, keylogger or Spyware : Tries to steal your credit card information or other private data; You have to make sure that your passwords and sensitive information was not leaked to malware makers.
- Rogue, FakeAV, FakeAlert or Ransomware, Froadload: will try to scare you into spending money for their useless functions; The removal instructions depend on the type of the parasite as some of them use complex strategies of keeping running.
- Bitcoin Miner, Clicker, SpamBot, Flooder or similar : will use computer resources for their own purposes. For example it might click on various advertisements in the background or send out spam. Such parasites will make your PC slower and might use up your bandwidth.
- Rootkit : protects other parasites from detection and limits your access to PC.
- Trojan.obfuscate – tries to hide its content.
- Botnet: might do several functions depending on command.
Here is a sample video on how trojans infect PC and what trojan downloader does:
In video we see a trojan that pretends to be a compressed image. On execution it launches archive management program with dummy archive and installs another computer parasite (“payload”) on the system.
Note, that generic computer parasite names are used by fake antiviruses as detections as well. Some trojans are quite popular. Some of them are following :
- Trojan.Obfuscated.vin – Should be hidden trojan, but in the most cases it was used by rogues.
- Lsass.Blaster.Keylogger – A technical name for Sasser worm, which was active in 2004 and which used LSASS buffer overflow vulnerability. Later on it was widely used by Rogue Antiviruses as fake threat. The same parasite is mentioned in fake alerts as Blaster/Sasser.variant too.
- Trojan-IM.Win32.Faker.a was used by Internet Security and several others. The real one was used to steal passwords from MSN users.
- Bancos Trojan was created to steal mainly logins and passwords to reach bank systems, mainly in Brazil, although some variants, may attack other locations too.
- Trojan.Ursnif. It can spread through infected remote or removable drives, such as USB flash drives. The Trojan steals bank account numbers, credit card information, and online login credentials.
- Unknown Win32/Trojan. Win32/Trojan can cause identity theft. It may also allow an attacker to manipulate the system, download and upload files, execute a program, and update the Trojan. On top of that the trojan may install another malware from a distant server.
- Trojan.Bootlock infects the master boot record (MBR) of the compromised computer preventing it from restarting.
- Lsass.Trojan-Spy.DOS.Keycopy is a fake security threat that appears on a fake Windows Security Alert displayed by a rogue anti-spyware Malware Destructor 2009 in order to convince you that your computer is infected.
- Trojan-Downlaoder.Win32.Dadobra.bru is often reported by fake security tools in order to intimidate people and make them buy the software.
- Trojan-PSW.BAT.Cunter is another fake warning message which is displayed by a trojan that promotes Internet Antivirus rogue antispyware software. If your are receiving Trojan-PSW.BAT.Cunter warning alerts, it means your computer is infected by Internet Antivirus.
- Kollah. It installs rogue files, particularly with the function of modifying your browser proxy-related settings. As a result, your Internet access slows down and unwanted websites keep getting loaded through pop-ups or directly in the active browser window.
- FunnyPicture.jpg.exe. FunnyPicture.jpg.exe trojan spreads through spam emails.
- Bredolab. It may arrive on the computer through email or a drive-by download. The primary function of this threat is to download more malware on to the compromised computer. It is likely that the authors of the threat are associated with affiliate schemes that are attempting to generate money through the distribution of malware. The threat may also be used to help construct a bot network that can be sold or hired for monetary gain.
- Zlob.P0rn.ad is dangerous malware that produce fake alerts of infection and supposed risk notifications. It promotes fake antimalware programs, for example: Miscro Antivirus 2009, MS Antivirus 2008 and Vista Antivirus 2008.
- Trojan.VxGame attempts to close all the security services as soon as it enters the system in order to avoid malware detection.
- Trojan.Vundo downloads files and displays pop-up advertisements. It is known to be distributed through spam email, peer-to-peer file sharing, drive-by downloads, and by other malware.
- Trojan.Clicker-JC secretly imports other harmful parasites, such as adware, Trojans, and viruses. It may also have an ability to use rootkit techniques with a malicious purpose to hijack and inject itself into system processes.
- Lsass.exe is responsible for distributing FBI virus and other police and FBI related ransomware.
- Wincod is a Trojan horse that displays message boxes and modifies settings on the compromised computer.
- AnonPop encryption algorithms are utilized to make files unavailable and inaccessible.
- KratosCrypt ransomware slips an additional entry in the Windows Registry. As a result, anytime infected users launch their computers, this virus gets a chance to encrypt files.
- Payms ransomware uses assymetric encryption algorithm to encrypt the victim’s data. It appends .pay, .pays, .payms or .paymst extensions to the filename extensions of encrypted files.
To remove Trojan.Generic, I recommend scanning with several anti-malware programs. This helps to make sure that parasite will be removed completely, as different tools use different detection databases and methods. Do not leave Trojan.Generic running on PC – it might download other parasites.
Automatic Trojan.Generic removal tools
Important Note: Although it is possible to manually remove Trojan.Generic, Trojan.Fraudload, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.