Backdoor

Backdoor.Agent.FPO removal instruction

Malware Removal

The Backdoor.Agent.FPO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Agent.FPO virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to determine Backdoor.Agent.FPO?



File Info:

name: 32BF8C14A2105A505857.mlw
path: /opt/CAPEv2/storage/binaries/34f835d5a9f385f417514b765830bfe0a5f86de11d4924a7045c78997c569686
crc32: 88AC5482
md5: 32bf8c14a2105a5058575101f85992c3
sha1: 2476570b2d9b992cd560134d9883ac7adbfb796f
sha256: 34f835d5a9f385f417514b765830bfe0a5f86de11d4924a7045c78997c569686
sha512: 1e44aa1285674dd6526ac9ca9a8445bc16e67f49f214d7ae5f61dd857df4afd27fcee80a376fcc13c8c72e1cdf1a6ac7a4ae7f56528b28f90787e2ce454f6490
ssdeep: 6144:HncthzD8AUsWwEzHUojd4hcKbm8ze+opIlXmo:HcthDXMHWRbmWenpIJm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13A340114721486AAD1627AF09573E6E462B09DC64470738F6AB5360F60F3D07DE0FA7E
sha3_384: 668fd8088b460febe32337b4460af7a44ef7b6e227102018f7d62e35bb505d6b96ef09ff9060f9cdd1e5ad82fbfeadd0
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-09-11 01:08:13


Version Info:

Translation: 0x0000 0x04b0
Comments: Keygen by IMPosTOR
CompanyName: www.de-compiler.me
FileDescription: IMPosTOR_Keygen.exe
FileVersion: 2.5.0.0
InternalName: .exe
LegalCopyright: Copyright ©  2013
OriginalFilename: .exe
ProductVersion: 2.5.0.0
Assembly Version: 7.3.11.0

Backdoor.Agent.FPO also known as:

Elasticmalicious (high confidence)
DrWebDDoS.MP.5
MicroWorld-eScanGen:Variant.MSILPerseus.165174
FireEyeGeneric.mg.32bf8c14a2105a50
McAfeeArtemis!32BF8C14A210
CylanceUnsafe
SangforTrojan.Win32.Kazy.brvr
CrowdStrikewin/malicious_confidence_90% (W)
K7GWTrojan ( 700000121 )
K7AntiVirusTrojan ( 700000121 )
ArcabitTrojan.MSILPerseus.D28536
BitDefenderThetaAI:Packer.4E80922D1E
SymantecTrojan.Zbot
ESET-NOD32a variant of MSIL/Injector.BVB
TrendMicro-HouseCallTROJ_GEN.R06CC0WKG21
AvastWin32:RATX-gen [Trj]
KasperskyTrojan.Win32.Diple.fqfw
BitDefenderGen:Variant.MSILPerseus.165174
NANO-AntivirusTrojan.Win32.Scarsi.didxep
Ad-AwareGen:Variant.MSILPerseus.165174
SophosMal/Generic-S
ComodoTrojWare.MSIL.Injector.BWCA@557otw
VIPREBackdoor.MSIL.Fynloski.a (v)
TrendMicroTROJ_GEN.R06CC0WKG21
McAfee-GW-EditionBehavesLike.Win32.Generic.dc
EmsisoftGen:Variant.MSILPerseus.165174 (B)
JiangminTrojanDropper.Autoit.bxz
AviraTR/Dropper.MSIL.Gen
Antiy-AVLTrojan/Generic.ASMalwS.4978CE
KingsoftWin32.Troj.Diple.fq.(kcloud)
MicrosoftBackdoor:MSIL/Bladabindi
GDataGen:Variant.MSILPerseus.165174
CynetMalicious (score: 100)
ALYacGen:Variant.MSILPerseus.165174
MAXmalware (ai score=87)
MalwarebytesBackdoor.Agent.FPO
APEXMalicious
YandexTrojan.Diple!gzr5Z0P1iJU
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Injector.DFY!tr
AVGWin32:RATX-gen [Trj]
Cybereasonmalicious.4a2105
PandaGeneric Malware

How to remove Backdoor.Agent.FPO?

Backdoor.Agent.FPO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment