Win64:pup-gen (Virus Removal Guide) - Chrome, Firefox, IE, Edge
Win64:pup-gen Removal Guide
What is Win64:pup-gen?
Win64:pup-gen is a heuristic detection name that may either be a false positive or indicate the fact that Windows crack tool is running on the machine
Win64:pup-gen is an AV detection that may indicate a Windows activation crack infringements
Win64:pup-gen is a detection name that is typically displayed by security programs, such as AVG, Sophos, Avast, and others. Although this detection might be a false positive due to some faulty virus definition, which might have been installed with the latest security updates, the mentioned AV detection is likely to be triggered by a potentially unwanted program (PUP) or malware.
According to cybersecurity experts, the Win64:pup-gen virus alert may be triggered by windowsdefender.exe, SppExtComObjHook.dll, and similar files. Often the alert reports the relation with the svchost.exe process and the C:\Windows\Temp\ location. If your anti-virus program displays suchlike alerts, there's a high risk of having an untrustworthy application running in the background. Thus, it's recommended rebooting the system into Safe Mode and running a full anti-malware scan.
According to Avast[1], the report of the Win64:pup-gen malware in relation to the SppExtComObjHook.dll file is the consequence of downloading software cracks for illegal activation of Windows OS. To check the ongoing malware detections and other system malfunctioning, experts recommend removing the content from the Temp folder and uninstalling cracking tools, such as AutoKMS, Re-Loader, KMSPico, and others.
Name | Win64:pup-gen |
Type | Generic detection name |
Related to | Windowsdefender.exe, SppExtComObjHook.dll files |
AV programs | The detection is usually brought by Avast, AVG, and Sophos. Other anti-virus tools may indicate the issue under a different detection name |
Trigger | The detection is likely to be triggered by malware or PUP. However, if it is related to the above-mentioned files, it's a clear sign that the system is running pirated software for cracking Windows licenses. |
Distribution | PUPs can enter the system via software packages, third-party download sites, fake updates, etc. In case the problem is related to cracks, it's most likely that the user downloaded it intentionally trying to bypass payment for the license |
Elimination | To stop AV programs from reporting the Win64:pup-gen malware, you should perform a full system scan and eliminate all PUPs. If that did not help, make sure to completely eliminate software cracks, keygens, and other pirated software |
Malware damage | To optimize the performance of Windows OS, take advantage of the FortectIntego repair tool |
It's possible that the Win64:pup-gen detection is false because of some AV update problems and inconsistencies. However, experts from AVG warn that this detection usually has a serious ground and should be treated carefully. People who receive an alert that contains the below-given information should take immediate steps to clean the machine from PUP/malware/Trojan infection:
Name: Win64:PUP-gen [PUP]
Gravity: 3
File path: C:\Windows\Temp\SppExtComObjHook.dll
Process: C:\Windows\System32\svchost.exe
Detected by: Files module
Status: Blocked.
The detection is apparently related to the SppExtComObjHook.dll, which is one of the files that belong to the Windows license cracking tools. Users who are not aware of crack tools and did not download something like that recently are strongly advised to delete the Temp folder and then repeat a scan with the AV engine. To remove this folder, you should:
- Press Windows key + R to open the run dialog.
- Type the %temp% and press Enter.
- Remove all files stored in the Temp folder and restart your PC.
- The perform a scan with the AV tool.
Major security programs can identify, quarantine, and remove Win64:pup-gen related virus safely. Therefore, you can use any tool that you trust and prefer using. However, make sure that the one that you are going to use features an updated virus database.
Upon the Win64:pup-gen removal, try running a scan with a system optimization tool, such as FortectIntego. You may question why you need a repair tool at all, but there's an important fact to mention – malware, virus, and PUPs tend to leave their footprints under system locations, such as Windows Registry, Temp folders, web browsers, etc. Luckily, a reliable optimization tool can help to fix malware damage quite easily. That's why you need it.
If you are not an expert in malware removal, then you should follow the Win64:pup-gen removal guide that has been submitted by 2-spyware security experts. You should follow each step and perform them in the right sequence.
Win64:pup-gen virus detection can be false positive, related to PUP or caused by pirated entries
PUP and malware infiltration strategies
Adware, browser hijackers, and similar PUPs are usually spread bundled with freeware and shareware. They cannot be installed on the system without the user's approval, which is why this type of apps is not considered malicious. The only way to stay away from PUPs is to be cautious during freeware installation processes.
However, dangerous viruses, such as spyware, Trojans, keyloggers, worms, etc. take advantage of stealthy infiltration strategies, for instance:
- infected spam email attachment[2];
- illegal/pirated software, such as cracks or keygens;
- fake software updates;
- misleading ads on suspicious websites, etc.
In order to maintain the machine malware-free, you should mind precautionary measures all the time. Cybersecurity experts from NoVirus.uk[3] distinguish the following means of security as the most important:
- install a professional anti-virus program and keep it up-to-date;
- install software or its updates from the official developer’s websites;
- do not use file-sharing services or P2P networks;
- bypass questionable or, contrary, eye-catchy pop-up ads that promote system tools, browser helper tools, warn about missing updates or offer to subscribe to Push Notifications;
- ensure that the real-time protection is enabled on your AV settings;
- avoid visiting potentially dangerous websites, such as gambling, gaming, or pornographic
- do not open suspicious attachments that are provided in the misleading emails.
Win64:pup-gen detection can be displayed by the AV engine if the latter detects malicious files and processes that belong to Windows key cracks
Eliminate Win64:pup-gen virus from the system
It may sometimes be difficult to understand if the AV engine alerts are real or false positive. Thus, it's not advisable to ignore any security warnings as your machine may be running a potentially dangerous or malicious infection that may cause serious damage. If you've been reported about Win64:pup-gen virus, we recommend restarting the machine into Safe Mode with Networking, deleting the Temp folder, and then initiate a full system scan with the AV tool.
As we have already pointed out, this particular infection may be related to Windows license cracking tools. Thus, if you have been using such apps, we recommend you to start Win64:pup-gen removal from a full uninstall of all pirated software and their remnants. After that, re-scan the system with an anti-malware program.
Anyway, we do not recommend you to remove Win64:pup-gen virus manually. This detection may be related to several unwanted programs, malware, PUPs, and so on. Thus, the only reliable remedy is a professional AV tool. Our recommended programs are SpyHunter 5Combo Cleaner or Malwarebytes. Upon the elimination, scan the machine with FortectIntego optimizer to recover the system's performance to the state prior to malware infiltration.
Getting rid of Win64:pup-gen. Follow these steps
Manual removal using Safe Mode
Learn how to boot the system into Safe Mode with Netoworking:
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files - Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
Remove Win64:pup-gen using System Restore
-
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
-
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of Win64:pup-gen. After doing that, click Next.
- Now click Yes to start system restore.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Win64:pup-gen and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting malware
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.
If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.
- ^ AVG Support Community. AVG. Support community.
- ^ Tatyana Shcherbakova, Tatyana Sidorina, Tatyana Kulikova. Spam and phishing in Q1 2020. Kaspersky. Security software developers.
- ^ SECURITY AND SPYWARE NEWS. NoVirus. Virus and Spyware news.