This Generic Detection identifies malicious files that create a file directory under the temporary folder:
- %temp%\E_4 (or %temp%\E_N4)
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The newly created folder is used to store the following files, which may be dropped by various malware:
The dropped files may be loaded in other processes to perform malicious activities.
Some variants may drop an executable files with random name inside a new created folder:
- %windir%\system32\[folder with random names]
Some variants from this family are observed to have downloading capabilities.