Trojan.Win32.Cometer.gen (virus) - Free Guide

Trojan.Win32.Cometer.gen Removal Guide

What is Trojan.Win32.Cometer.gen?

Trojan.Win32.Cometer.gen is fileless malware designed to steal valuable information

Fileless malware can be extremely dangerous, as it uses sophisticated evasion techniques

Some malware is simply worse than the rest, and Trojan.Win32.Cometer.gen definitely fits that description. Residing only in memory, this malicious program is extremely stealthy: it can bypass several protection measures on the targeted network and remain invisible for a period of time to avoid detection. Once inside the system, it resides in memory for a while and focuses on stealing various data. Affected businesses and home users might suffer serious financial losses, information leaks, and other severe issues due to the infection.

Cometer Trojan was first analyzed by Kaspersky researchers back in 2017[1] and remains active to this day. While the main targets of cybercriminals behind it are corporate networks, users who have adequate security measures installed on their systems might also find a warning about the incoming threat. Due to its complex nature and operation techniques, it is not always possible for anti-malware software to prevent intrusion.

Name: Trojan.Win32.Cometer.gen
Alternative names: MEM:Trojan.win32.Metasploit, Trojan.Multi.GenAutorunReg.c, HEUR:Trojan.Multi.Powecod
Type: Trojan, data-stealer
Infiltration: Infected removable drives, (targeted) phishing emails
Traits: Being fileless malware, it resides in memory upon intrusion without performing any actions on a Windows machine
Prevention: Ensure all software on the system is updated and anti-malware's real-time protection is enabled
Removal: To ensure your computer is malware-free, perform an in-depth scan with a powerful security solution such as SpyHunter 5 or Combo Cleaner
System fix: In case malware causes damage to Windows system files, use Fortect or Intego to fix virus damage

Fileless malware[2] is nothing new by now – we previously explored complex and sophisticated threats like Nodersok or Astaroth several years ago. The nature of fileless malware, its ability to stay dormant for several days or even weeks, its evasion techniques, and the lack of traces for cybersecurity solutions to detect make it a prime choice for cybercriminals.

If you are interested in how Trojan.Win32.Cometer.gen spreads and operates, and in how to avoid, prevent, and mitigate it, check the information below.

Spreading techniques: find out how to avoid the infection

Phishing emails

The Trojan is delivered as a file attachment to emails with malicious links or inside of a self-extracting archive. Its file extension is either .SCR or .EXE, allowing it to be easily mistaken for a legitimate application since many Windows users tend to trust such files. Besides, cybercriminals often use double extensions in order to deliberately mislead users and make them believe that the malicious file is safe to be opened.
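The double-extension trick described above can be screened for at the mail gateway or in a mailbox export. The following is an added example, not code from the original guide: it parses a raw message with Python's standard email library and flags attachments whose real extension is .scr or .exe, marking those that hide behind a decoy extension. The decoy list, function names, and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {"scr", "exe"}  # the two extensions the article names
# Assumption: document/image types an attacker might use as the decoy extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so normalise them away first;
    # padding between the decoy and real extension is stripped per component.
    parts = [p.strip() for p in name.strip().rstrip(". ").lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """List (filename, verdict) for every flagged attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "photo.jpg", "screensaver.scr", "notes.exe.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```

A filename check like this only covers the naming trick; a self-extracting archive or a renamed file still needs content inspection by the mail filter or endpoint scanner.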

Besides the obfuscation of the malicious file itself, the phishing message and its composition can be sophisticated and hard to distinguish from a real one. For example, the “From” address can often be faked to visually match a legitimate one, making victims automatically trust the email they have been sent.

Removable drives

Cometer can also transfer itself via removable drives, such as USB flash drives and memory sticks. If you move external drives between your work and home computers, keep in mind that malware might sneak onto such a device without any signs or symptoms.

In order to avoid the infection, it is mandatory to be aware of the potential threat – users should never recklessly open suspicious emails (even if they look legitimate at first glance) or use untrustworthy removable drives, and should always keep all installed software patched with the latest security updates to mitigate vulnerabilities[3] in third-party and built-in programs.

Malware operation and mitigation techniques

Once it finds its way onto the target network, Cometer downloads a configuration file that allows it to stay hidden while being distributed throughout the environment. The malware is programmed to immediately start communicating with its C&C server(s) after the infection has been completed. Its primary objective is to harvest network configuration data and obtain a list of available drives.

Its next mission is to determine which drive contains the most valuable information, steal its content, send it back to the server, delete it from the remote server in encrypted form, and then erase all traces of its presence on the system.

This complex process reveals that the creators behind Trojan.Win32.Cometer.gen have been focusing on stealth, speed, and reliability. In other words, the malware is specifically designed to avoid detection while targeting valuable data quickly and efficiently.

Since this trojan’s primary mission is data exfiltration, it can also be used for industrial or governmental espionage. Users should always keep an eye on their system’s behavior and stability to catch any signs of infections in time.

If the machine starts acting strangely or becomes unresponsive, users are advised to run a full system scan with a reputable anti-malware tool as soon as possible. Our recommendation is SpyHunter 5 or Combo Cleaner, although other reputable security software can be employed for the job as well. To be most effective, the scan should be performed in a Safe Mode environment. Here's how to access it:

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

As soon as Safe Mode is reached, employ security software to perform a full system scan. Keep in mind that a compromised machine or a network might also be affected by other malware – we previously saw collaborations of well-known threats (for example, Djvu ransomware and AZORult).

Post-infection actions

Since the Trojan is programmed to remain invisible while residing in memory, antivirus suites or users notice the infection only after the fact. This can be particularly dangerous, so it is important to use all the possible prevention techniques to stay safe.

Note that Cometer makes changes within the Windows registry, so it is important to fix the registry after the infection is terminated. In order to ensure that this issue is addressed and virus damage is remediated, we strongly recommend using a PC repair tool:

  • Download the Fortect or Intego installer
  • Click on ReimageRepair.exe
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation process
  • The analysis of your machine will begin immediately
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.

After the technical side of the infection is dealt with, it is imperative to prevent further cybercriminal actions that can follow after a successful data harvest is committed. Changing all passwords for all user accounts and logins to networks/RDPs is necessary for extra security. Besides, reporting the attack to local authorities would be beneficial in order to help the law track and find the culprits responsible. You can find the contact information of various law enforcement agencies around the world below.


Getting rid of Trojan.Win32.Cometer.gen. Follow these steps

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how you noticed the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Trojan.Win32.Cometer.gen and other ransomware, use a reputable anti-spyware tool, such as Fortect, Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes.

How to prevent getting trojans

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much data can be accidentally deleted for various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless without a way to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Ugnius Kiguolis