This article written by MiniTool company brings a new and popular trojan Win64:Malware-Gen in front of your eyes. It was named by Avast and Avg antivirus system for suspicious but unknown files. Win64:Malware Gen has similarities compared to other trojans or viruses while is different from others in some aspects. Read below for details.

Avast Keeps Catching Virus: Win64:Malware-gen

I have this problem, where Avast keeps catching this virus called Win64:Malware over and over again for about 20 days now, and I’m not sure what I should do about it.  I added the logs from Malwarebytes and Farbar Recovery Scan Tool. The infected file is wmcodecs.dll and the location is C:\Windows\System32. I think the Avast background scanner is catching it.  Maybe you could help me with this problem?

What Is Win64 Malware Gen?

Win64:Malware-gen is a heuristic detection designed and used by Avast Antivirus for generically detecting a trojan horse. Win64 Malware gen exe can be ransomware that hijacks and decrypts files within the infected computer and ask people to pay to unlock those files.

In most situations, Win64:Malware-gen ransomware will suggest that its victims carry out a money transfer to reduce the chances that the trojan infection presents to the target gadget.

In general, the changes made to target computers are of bellow:

  • Open, edit, modify, rename, encrypt, move, distribute, delete, or destroy files.
  • Network activity detected without record in API Microsoft integrates an API solution into its Windows operating system (OS) to reveal network activity for all applications running on the computer in the last 30 days. However, Win64:Malware-gen hides network activity.
  • Prevent routine access to the target’s workstation, which is the typical behavior of a virus called locker. It blocks access to the computer until the owner pays the ransom.
Tip: Malware-gen Trj, Samas ransomware, quakbot virus, and Ransom:Win32/Gandcrab!MTB will do similar changes to their attacked computers.  

How Does Win64:Malware-gen Infect a Computer?

There are two main ways for Win64 Malware-gen to get into your machine. On the one hand, it can inject itself into a computer by phishing e-mails. On the other hand, when users wind up on a source that contains destructive software, it plays as a repercussion.

Also, there are some other ways that Win64 malware gen may take to spread like pirated software installer, cracked programs, software loaders, software keygens, etc. downloaded from unknown sites, torrent websites, strange links, fake updates, and other unsafe sources.

How Does Win64 Malware Gen Work?

Once Win64:Malware-gen is fully infused, it will encrypt the data on the host or prevent programs from working properly. At the same time, Win64:Malware gen generates a ransom note for the victim requiring him to pay for decrypting the data or unblocking the tools. Usually, victims will see the ransom note when they reboot their computers after finding that they are hijacked.

In many places all over the world, Win64 Malware-Gen grows by jumps and bounds. Yet, the method for getting ransom and the ransom note vary through certain local/regional settings.

For example, in certain areas, Win64:Malware-gen may rely on faulty warning messages informing of unlicensed software on victim’s computer. Usually, it will report that it has found some unlicensed programs on the machine and ask the owner to pay ransom money.

Or, in nations where app privacy is less prominent, on the contrary, Win64:Malware Gen will pretend to come from an enforcement establishment and send a faulty alarming message claiming that illegal and unlawful information has been found on the victim’s computer. Also, a ransom payment is required. 

Does Avast Remove Malware & How to Remove Malware with Avast?
Does Avast Remove Malware & How to Remove Malware with Avast?

Does Avast detect malware? Does Avast get rid of viruses? Does Avast free remove spyware, rootkits, keyloggers, adware, trojans, ransomware, and infected files?

Read More

Win64:Malware-gen Variants in Different Security Apps?

The following list is ordered by alphabet letters from A to Z.

  • Alibaba Cloud Security Center: TrojanDropper:Win64/LaZagne.8fcc6442
  • Avast: Win64:Malware-gen
  • AVG: Win64:Malware-gen
  • Avira: HEUR/AGEN.1046641
  • Bitdefender: Trojan.PasswordStealer.GenericKDS.33544129
  • Web: Trojan.Siggen9.20767
  • Emsisoft: Trojan.GenericKD.33545160 (B)
  • FireEye:
  • F-Secure: Heuristic.HEUR/AGEN.1046641
  • GridinSoft: Trojan.Ransom.Gen
  • K7GW: Riskware ( 0040eff71 )
  • Kaspersky: not-a-virus:HEUR:PSWTool.Python.LaZagne.gen
  • McAfee: Artemis!D08C3A2F1F53
  • McAfee GW Edition:
  • Microsoft: Trojan:Win32/Occamy.C
  • Qihoo 360: HEUR/QVM10.1.E9CF.Malware.Gen
  • Sophos: Generic PUA KE (PUA)
  • Symantec: Trojan.Gen.MBT
  • Trend Micro Apex One: Malicious
  • TrendMicro HouseCall: TROJ_GEN.R002H07CE20

How to Tell Whether You Are Infected with Win64 Malware-gen or Not?

In real situations, it is easy to find out whether you are infected with a virus/malware or not. If someday you find your computer runs extremely slow suddenly without any unusual action taken the days before, probably together with unknown processes running, strange browser activities, antivirus programs reporting unlocated threats, applications stuttering, screen flickering, and even unexpected computer shutdown, you are most likely been infected with some malware.

What Are the Negative Effects Caused by Win64:Malware-gen?

Below lists some possible effects that Win64:Malware may cause to infected computers:

  • Download and install other malware.
  • Send browser popups with fake program updates or installation.
  • Execute click fraud.
  • Reuse your computer as a spam tool or put it into a botnet.
  • Record computer activities like visited websites, chats, keystrokes, etc. and sent them to a remote hacker.
  • Take screenshots of your activities and even hack your webcam to record videos.
  • Enable a remote hacker to access your computer by editing and creating registry entries to steal your login credentials including usernames and passwords.
  • Post ads to you while you are surfing the Internet.
  • Turn random webpage text into hyperlinks.

Once get your sensitive data, the culprits may use it to log into your bank account to make fraudulent transactions, transfer money to their accounts, purchase products, etc. Your personal ID may be used to conduct identity frauds, gamble, borrow money from usury, and many other illegal activities. All in all, you may suffer great financial loss once your privacy is leaked.

Top 10 Anti Hacking Software to Protect Your Computer
Top 10 Anti Hacking Software to Protect Your Computer

Your computer may become crashed due to the attack of hackers. This post shows the top 10 anti hacking software to protect your computer.

Read More

How to Remove Win64:Malware-gen?

Actually, there is no official and almighty way to completely delete Malware-gen from your computer. Yet, the popular method is to use one or more of the famous antivirus programs to scan for your computer and it may automatically delete the Win64:Malware-gen files for you.

#1. Clear Malware with Kaspersky TDSSKiller

As for the case at the beginning of this article, the user gets his malicious file removed by using TDSSKiller. Just download it on the infected computer, run the TDSSKiller.exe and Accept its End User License Agreement and Security Network Statement. At last, click Start Scan to begin. Wait for the success of the disinfection.

Kaspersky TDSSKiller Start Scan

#2. Rely on Malwarebytes to Delete Malware Gen files

If you do not have Malwarebytes currently, just download one from its official site and install it on your computer. Then, in its main Dashboard, click Scan Now to have a full scan of your machine. When it finishes scanning, all threats on your computer will be listed out. Choose the files you want to isolate including the Malware Gen files and click Quarantine Selected. To completely remove selected files, you need to restart your machine.

Also read: Is Malwarebytes Safe for Windows? Here Is What You Need to Know

#3. Scan for Unwanted Programs and Malware by HitmanPro

Similarly, download and install HitmanPro if you don’t have it now. Then, open the application and click Next on its first screen to start scanning your computer for all traces of malware, viruses, trojans, rootkits, spyware, and so on. When it completes, click Next to delete all the malware HitmanPro finds.

Before deletion start, HitmanPro will ask for registration. You can choose Activate free license to use its 30-day free trial.

#4. Use Emsisoft Emergency Kit to Double-check for Malware

Also, first of all, download Emsisoft Emergency Kit on your computer. Within the toolkit, there is Emsisoft Scanner, which is able to scan your machine for viruses, trojans, worms, spyware, adware, keyloggers, dialers…

Then, double-click the downloaded file and select Extract in the pop-up window. Now, you can see a “Start Extract Emsisoft Emergency Kit” icon on your desktop. Double-click the icon to launch the program. If it asks for an update, just allow it.

Lastly, you enter into Emsisoft Emergency Kit’s main interface. There, click on the SCAN tab on the top menu and choose the recommended Smart Scan to have a quick scan for all places that malware usually infects. When the scan finishes, click Quarantine selected to remove all the detected and selected malicious files. 

#5. Reset Browser to Default Settings

Finally, if you are still suffering from Win64:Malware-gen notification while using your web browsers like Chrome, Firefox, and Microsoft Edge, you need to reset your browser to its default settings.

Reset Google Chrome to Default Settings

Within the Chrome browser, click the three dots on the upper right of the browser window and choose Settings. In the opened new window, scroll down to find Advanced and click it to unfold advanced settings. Then, continue to scroll down, find Reset and clean up, click Restore settings to their original defaults, and select Reset Settings to confirm in the pop-up mini window.

Reset Chrome to Default Settings

Reset Mozilla Firefox to Default Settings

Open Firefox, click on the three dashes on the top right corner and select Help > Troubleshooting Information. Then, in the new window, click Refresh Firefox under the Give Firefox a tune up. Next, a small window will pop up telling you what the refresh will bring to you. Just confirm by clicking Refresh Firefox.

Reset Firefox to Default Settings

Besides, you can perform other methods to try to get rid of the Win64:malware-gen issue, such as reinstall your browser, change your password, as well as update your Windows systems.

If unfortunately, you still experience Win64:malware warning after implementing all the methods above, you may turn to refer to other powerful antimalware tools in the market for solving your problem.

Tip: If a File is reported as Win64:Malware-gen, it doesn’t mean that it surely is malicious (false positive). You can further identify it by uploading it to The VirusTotal will scan the target file with multiple antivirus engines and give you the final result.

Click to Tweet

How to Protect Data from Future Risks?

Just as described in the above content, Win64 malware may encrypt your data to prevent you from accessing it, collect and send your browser history to cybercriminals for further malicious actions, or just destroy your crucial files. If you haven’t been infected by it now, you are lucky and it is a great moment to take some actions to avoid future infection.

Then, how to arm yourself to be safe from Win64:Malware-gen attacks? A recommended choice is to back up your important data to another safe place like offline. You’d better carry out this task with the help of a professional and reliable app like MiniTool ShadowMaker, a powerful computer backup program applicable for files/folders, systems, hard disks, etc.  

MiniTool ShadowMaker TrialClick to Download100%Clean & Safe

  1. Download and install MiniTool ShadowMaker on your computer.
  2. Open it and choose Keep Trial to enjoy its 30-day free trial.
  3. Go to the Backup tab from its main screen.
  4. In the Backup tab, click the Source module to select the files you want to protect.
  5. Click the Destination module to pick up a location to save the backup image file.
  6. Finally, back to the main interface, click Back up Now to start the process.

MiniTool ShadowMaker Backup Task Preview

Other tips for protecting yourself from been infected by viruses, trojans, malware, ransomware, etc. like Win64:Malware-gen:

  • Make use of multiple security programs together with a firewall to safeguard your PC.
  • Keep your OS up-to-date.
  • Pay attention to each download and always download from trusted or authorized sources.
  • Never open attachments from spam.
  • Give special scans or analyses for suspicious files.
  • Set strong passwords for all your online accounts and change the passwords regularly.
  • Don’t use the same password for all of your accounts.
  • Disable remote connection immediately after using it.
  • Never use a default port for remote connection.

All in all, Win64:Malware-gen can be a trojan, malware, ransomware, virus, etc. malicious process that will cause small or huge damage to your computer, from slow performance to complete system and data damage. Just adopt one of the solutions introduced in the above content to handle the problem. If you want to communicate with us or other visitors, you can leave a comment on this page or email us at [email protected].

Related articles:

  • linkedin
  • reddit