Application.DealAgent.YCB removal instructions

Application.DealAgent.YCB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.DealAgent.YCB virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Application.DealAgent.YCB?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion: 4.6.3.0
CompanyName:
Comments: This installation was built with Inno Setup.
ProductName: Nelu
ProductVersion: 5.0.5
FileDescription: Nelu Setup
Translation: 0x0000 0x04b0

Application.DealAgent.YCB also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.InstallCore.3436
ALYac: Application.DealAgent.YCB
Cylance: Unsafe
Sangfor: Trojan.Win32.DealAgent.YCB
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: AdWare:Win32/InstallCore.e7adeae8
Symantec: PUA.Gen.2
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
Avast: FileRepMalware [PUP]
Cynet: Malicious (score: 99)
Kaspersky: not-a-virus:AdWare.Win32.DealPly.dpiql
BitDefender: Application.DealAgent.YCB
NANO-Antivirus: Virus.InnoSetup.Gen.ccng
MicroWorld-eScan: Application.DealAgent.YCB
Ad-Aware: Application.DealAgent.YCB
Sophos: InnoMod (PUA)
Emsisoft: Application.DealAgent.YCB (B)
SentinelOne: Static AI – Suspicious PE
Avira: HEUR/AGEN.1110666
Arcabit: Application.DealAgent.YCB
Microsoft: Trojan:Win32/Wacatac.A!ml
AhnLab-V3: Malware/Gen.Generic.C2661867
McAfee: Artemis!7CB636A24891
Panda: Trj/CI.A
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Yandex: PUA.DealPly!Seq+IlLQcFQ
Fortinet: Adware/DealPly
AVG: FileRepMalware [PUP]
Paloalto: generic.ml

How to remove Application.DealAgent.YCB?

Application.DealAgent.YCB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
