Win64:pup-gen

Win64:pup-gen is a heuristic detection name that may either be a false positive or indicate the fact that Windows crack tool is running on the machine

Win64:pup-gen is a detection name that is typically displayed by security programs, such as AVG, Sophos, Avast, and others. Although this detection might be a false positive due to some faulty virus definition, which might have been installed with the latest security updates, the mentioned AV detection is likely to be triggered by a potentially unwanted program (PUP) or malware.

According to cybersecurity experts, the Win64:pup-gen virus alert may be triggered by windowsdefender.exe, SppExtComObjHook.dll, and similar files. Often the alert reports the relation with the svchost.exe process and the C:\Windows\Temp\ location. If your anti-virus program displays suchlike alerts, there’s a high risk of having an untrustworthy application running in the background. Thus, it’s recommended rebooting the system into Safe Mode and running a full anti-malware scan. 

According to Avast^[1], the report of the Win64:pup-gen malware in relation to the SppExtComObjHook.dll file is the consequence of downloading software cracks for illegal activation of Windows OS. To check the ongoing malware detections and other system malfunctioning, experts recommend removing the content from the Temp folder and uninstalling cracking tools, such as AutoKMS, Re-Loader, KMSPico, and others. 

It’s possible that the Win64:pup-gen detection is false because of some AV update problems and inconsistencies. However, experts from AVG warn that this detection usually has a serious ground and should be treated carefully. People who receive an alert that contains the below-given information should take immediate steps to clean the machine from PUP/malware/Trojan infection:

Name: Win64:PUP-gen [PUP]
Gravity: 3
File path: C:\Windows\Temp\SppExtComObjHook.dll
Process: C:\Windows\System32\svchost.exe
Detected by: Files module
Status: Blocked.

The detection is apparently related to the SppExtComObjHook.dll, which is one of the files that belong to the Windows license cracking tools. Users who are not aware of crack tools and did not download something like that recently are strongly advised to delete the Temp folder and then repeat a scan with the AV engine. To remove this folder, you should:

• Press Windows key + R to open the run dialog. 
• Type the %temp% and press Enter. 
• Remove all files stored in the Temp folder and restart your PC. 
• The perform a scan with the AV tool. 

Major security programs can identify, quarantine, and remove Win64:pup-gen related virus safely. Therefore, you can use any tool that you trust and prefer using. However, make sure that the one that you are going to use features an updated virus database.

Upon the Win64:pup-gen removal, try running a scan with a system optimization tool, such as Reimage Reimage Cleaner Intego. You may question why you need a repair tool at all, but there’s an important fact to mention – malware, virus, and PUPs tend to leave their footprints under system locations, such as Windows Registry, Temp folders, web browsers, etc. Luckily, a reliable optimization tool can help to fix malware damage quite easily. That’s why you need it.  

If you are not an expert in malware removal, then you should follow the Win64:pup-gen removal guide that has been submitted by 2-spyware security experts. You should follow each step and perform them in the right sequence. 

PUP and malware infiltration strategies

Adware, browser hijackers, and similar PUPs are usually spread bundled with freeware and shareware. They cannot be installed on the system without the user’s approval, which is why this type of apps is not considered malicious. The only way to stay away from PUPs is to be cautious during freeware installation processes. 

However, dangerous viruses, such as spyware, Trojans, keyloggers, worms, etc. take advantage of stealthy infiltration strategies, for instance: 

• infected spam email attachment^[2];
• illegal/pirated software, such as cracks or keygens;
• fake software updates;
• misleading ads on suspicious websites, etc.

In order to maintain the machine malware-free, you should mind precautionary measures all the time. Cybersecurity experts from NoVirus.uk^[3] distinguish the following means of security as the most important:

• install a professional anti-virus program and keep it up-to-date;
• install software or its updates from the official developer’s websites;
• do not use file-sharing services or P2P networks;
• bypass questionable or, contrary, eye-catchy pop-up ads that promote system tools, browser helper tools, warn about missing updates or offer to subscribe to Push Notifications;
• ensure that the real-time protection is enabled on your AV settings;
• avoid visiting potentially dangerous websites, such as gambling, gaming, or pornographic;
• do not open suspicious attachments that are provided in the misleading emails.  

Eliminate Win64:pup-gen virus from the system

It may sometimes be difficult to understand if the AV engine alerts are real or false positive. Thus, it’s not advisable to ignore any security warnings as your machine may be running a potentially dangerous or malicious infection that may cause serious damage. If you’ve been reported about Win64:pup-gen virus, we recommend restarting the machine into Safe Mode with Networking, deleting the Temp folder, and then initiate a full system scan with the AV tool. 

As we have already pointed out, this particular infection may be related to Windows license cracking tools. Thus, if you have been using such apps, we recommend you to start Win64:pup-gen removal from a full uninstall of all pirated software and their remnants. After that, re-scan the system with an anti-malware program. 

Anyway, we do not recommend you to remove Win64:pup-gen virus manually. This detection may be related to several unwanted programs, malware, PUPs, and so on. Thus, the only reliable remedy is a professional AV tool. Our recommended programs are SpyHunter 5Combo Cleaner or Malwarebytes. Upon the elimination, scan the machine with Reimage Reimage Cleaner Intego optimizer to recover the system’s performance to the state prior to malware infiltration.