Backdoor.Agent.PR removal

Backdoor.Agent.PR is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Agent.PR virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with a /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself

How to identify Backdoor.Agent.PR?

File Info:

name: C3CA59441D4B01341239.mlw
path: /opt/CAPEv2/storage/binaries/30db800000cf2e2a2de0daaa7569ccf2b8719f7f38f622f5b40bbdbbeb88357c
crc32: 96893C16
md5: c3ca59441d4b01341239417ecd7c6380
sha1: bee5f1ff731cb0ddd661583a87d29784f727fcfa
sha256: 30db800000cf2e2a2de0daaa7569ccf2b8719f7f38f622f5b40bbdbbeb88357c
sha512: 101591db2ff16e684b3e5f3a248c29507814c3310991bdee287e4319c13e7617402f71e48eaf275e9923f758ff84389a52b93be1772753f2d82db91ff3ac4566
ssdeep: 1536:rbHoGetoPwieZBLLgCSbIt9uUvO0ty8ZU:rbHSnJSbIt9u38ZU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18143910B2ADCBDA0D5BC0B703B3343D1C3B9DE124623D65E69D93948AA3E24379467D9
sha3_384: c41be8d8744c263250bf65ccbd64557a6122b68f5a85ca23ceedbcf3fe5dcd14add0d6e1bbe6da5fe612a6e5babb3bd2
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-06-27 22:58:54

Version Info:

Translation: 0x0000 0x04b0
FileDescription: localhost
FileVersion: 1.0.0.0
InternalName: sev.exe
LegalCopyright:
OriginalFilename: sev.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Backdoor.Agent.PR also known as:

Lionic: Trojan.Win32.Agent.4!c
DrWeb: Trojan.DownLoader15.5372
MicroWorld-eScan: IL:Trojan.MSILMamut.7038
FireEye: Generic.mg.c3ca59441d4b0134
ALYac: IL:Trojan.MSILMamut.7038
Cylance: unsafe
Zillya: Trojan.Agent.Win32.555686
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3e31 )
Alibaba: Trojan:MSIL/Bladabindi.e9547e7d
K7GW: Trojan ( 0055e3e31 )
Cybereason: malicious.41d4b0
BitDefenderTheta: Gen:NN.ZemsilF.36196.dq0@a8CMJ4c
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Bladabindi.DS
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.nesewg
BitDefender: IL:Trojan.MSILMamut.7038
NANO-Antivirus: Trojan.Win32.Agent.dztebz
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agent.Ychl
Emsisoft: IL:Trojan.MSILMamut.7038 (B)
F-Secure: Heuristic.HEUR/AGEN.1305602
VIPRE: IL:Trojan.MSILMamut.7038
TrendMicro: TROJ_GEN.R06CC0OFT22
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: IL:Trojan.MSILMamut.7038
Jiangmin: Trojan.Agent.pt
Webroot: Trojan.Ransom.Blocker.Gen
Avira: HEUR/AGEN.1305602
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Win32.Agent
Xcitium: Malware@#6r5e3847zfus
Arcabit: IL:Trojan.MSILMamut.D1B7E
ZoneAlarm: Trojan.Win32.Agent.nesewg
Microsoft: Trojan:Win32/Dynamer!ac
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
McAfee: Artemis!C3CA59441D4B
VBA32: TScope.Trojan.MSIL
Malwarebytes: Backdoor.Agent.PR
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R06CC0OFT22
Rising: Trojan.Bladabindi!8.C7 (CLOUD)
Yandex: Trojan.Agent!stbP12IAlx4
Ikarus: Trojan.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.DU!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Agent.PR?

Backdoor.Agent.PR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.