Win32 Pacex.Gen - Base of other Trojans

written by: •edited by: Bill Bunter•updated: 6/7/2010

Win32 Pacex.Gen provides a base for other Trojans to operate, degrading the user's computer system. Read the article to find out how you can protect your PC and, if it is infected, how to clean it.


    Win32 Pacex.Gen falls under the category of Trojan. It infects a computer system, using an obfuscation technique, to steal important information such as passwords, financial information, and other user credentials. Being a Trojan, it doesn't replicate itself but has a different mechanism of spreading. Win32 Pacex.Gen acts as a base for other Trojan variants and spreads through emails, peer-to-peer networks, IRC, blog posts, etc.

    Risk Assessment

    Home Users – LOW

    Corporate Users – LOW

    Trojan Characteristics

    Filename: 3a5cfe0ea1ba4a529b8755fb9c2de106dc46c0fe.exe

    Type: Trojan

    Detection: Pacex.Gen

    Length: 117 Kb

    Common Detection Names

    Microsoft - PWS:Win32/OnLineGames.DL!dll

    Kaspersky - Trojan-GameThief.Win32.Magania.gnh

    Sophos - Mal/EncPk-CE

    Symantec - Trojan.Zlob

    Eset - Win32/Pacex.Gen

    Win32 Pacex.Gen hijacks a running process's execution to run its own code and uses shared memory access to remain hidden from the user. It also copies certain .dll (dynamic link library) and .exe files to the windows\system32 folder and adds or modifies entries in the system registry. The purpose of writing .dll files to the windows folder is to register the drivers for execution in Windows.

    How it Works

    Win32 Pacex.Gen creates executables in the windows\system32 folder and registers the .dll files associated with them to create the environment necessary for its execution. It also adds some executable files to the windows\help folder so that whenever the F1 button is pressed or the help window is opened, the Trojan can execute itself.

    It also copies certain executables to the windows\temp folder under the following name: 3a5cfe0ea1ba4a529b8755fb9c2de106dc46c0fe.exe. A corresponding .dll is also registered so that this file executes at startup.

    In the windows\help folder, this Trojan copies the files f3c74e3fa248.dll and f3c74e3fa248.exe to infect the PC. Notice that the .exe and .dll files are copied together for the execution of the Trojan.

    Apart from copying files in the windows\system32 or windows\help folder, it adds some new entries in the system registry.

    %path1% = HKEY_LOCAL_MACHINE\software\classes\clsid\{1dbd6574-d6d0-4782-94c3-69619e719765}\

    %path1% : (default) = ssuudl

    %path1%\inprocserver32\ : (default) = c:\windows\help\f3c74e3fa248.dll
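
The registry entry above registers a COM in-process server whose DLL sits in windows\help. The following added example (not part of the original article) generalizes that indicator: it scans a decoded `reg export` dump for any CLSID whose InprocServer32 default value points into windows\help or windows\temp. The function name, the folder list and the second CLSID in the sample are assumptions made for illustration.

```python
import re

# Folders the article names as drop locations. Treating any COM server
# registered from them as suspicious is an assumption of this example.
SUSPICIOUS_DIRS = ("\\windows\\help\\", "\\windows\\temp\\")

KEY_RE = re.compile(r"^\[(.+)\]$")       # [HKEY_...\subkey]
DEFAULT_RE = re.compile(r'^@="(.*)"$')   # @="default value"


def find_suspicious_inproc_servers(reg_text):
    """Return (clsid_key, dll_path) pairs for InprocServer32 default values
    that point into SUSPICIOUS_DIRS. reg_text is the decoded text of a
    `reg export` file (real exports are UTF-16, so decode before calling)."""
    hits = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = DEFAULT_RE.match(line)
        if not value or current_key is None:
            continue
        if not current_key.lower().endswith("\\inprocserver32"):
            continue
        # .reg files escape backslashes and quotes inside string values
        path = re.sub(r"\\(.)", r"\1", value.group(1))
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            hits.append((current_key.rsplit("\\", 1)[0], path))
    return hits


# Constructed sample: the first CLSID is the one listed in the article,
# the second is a made-up benign registration for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\classes\clsid\{1dbd6574-d6d0-4782-94c3-69619e719765}]
@="ssuudl"

[HKEY_LOCAL_MACHINE\software\classes\clsid\{1dbd6574-d6d0-4782-94c3-69619e719765}\inprocserver32]
@="c:\\windows\\help\\f3c74e3fa248.dll"

[HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Both"
'''

if __name__ == "__main__":
    for key, dll in find_suspicious_inproc_servers(SAMPLE_EXPORT):
        print(f"{key} -> {dll}")
```

A hit only shows where to look: confirm the DLL on disk and its registration before deleting anything.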

    Removal Instructions

    In order to remove the Win32 Pacex.Gen Trojan, restart your computer and press the F8 key during startup before the Windows screen appears. From the list of available options, choose Safe Mode. When your system is in Safe Mode, search for the 2 files, f3c74e3fa248.dll and f3c74e3fa248.exe, right-click the files and delete them. Now restart your system again and perform a full scan of your computer system using good antivirus software. I recommend using ESET NOD32 or McAfee antivirus.

    Note: Before performing a scan, make sure you have disabled the System Restore option and performed a disk cleanup of the drive where Windows is installed.