Rootkit.Fileless.MTGen

Short bio

Rootkit.Fileless.MTGen is the generic detection for fileless infections that use a rootkit to hide their presence. In the majority of the cases, they use registry keys that are designed to run Powershell commands that carry out the rest of the infection. Other than Powershell, we have also seen the mshta command.

Protection

Malwarebytes protects users from Rootkit.Fileless.MTGen using real-time protection to block the trojans that install these rootkits.

Malwarebytes prevents Rootkit.Fileless.MTGen

Remediation

Malwarebytes can detect and remove Rootkit.Fileless.MTGen without further user interaction.

1. Please download Malwarebytes to your desktop.
2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
3. Then click Finish.
4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
7. Restart your computer when prompted to do so.

Related blog content

Fileless Infections: An Overview
Rootkits