
About “Backdoor.VB.Agent.ABX” infection


Backdoor.VB.Agent.ABX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.VB.Agent.ABX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.VB.Agent.ABX?


File Info:

name: F2570A0BFE97380FBB5F.mlw
path: /opt/CAPEv2/storage/binaries/b398d2d8c26361f98d8341bb38e42f9553b107756c0aeb5985688de7af309de6
crc32: 29402FEF
md5: f2570a0bfe97380fbb5fa8f5d2a7b8b7
sha1: 8e14bd3ab47448579731ea6d466704331d45c7ac
sha256: b398d2d8c26361f98d8341bb38e42f9553b107756c0aeb5985688de7af309de6
sha512: 0b0262bf772ccb02199313c1e5b688b9f42cf775076b5f62bd62b83ab024c07ab94d33bf40cd836e6f863cbf16593987c5af64243055f6177c04a055e11fa899
ssdeep: 3072:IU2TFqNSEnsM5zisqVnJMbgBgD/zPkFjOGtzPITWaQj6kAtnLovjmU0pFQtrlYwA:V2RE5WtWbae/ijOiR5mkAeftrR6O
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15B744A306585E302E1474E38E4AEF2FF2E1E2EABDA586597D12D3F30B5F29D149C2944
sha3_384: 67f28bfc0dbe2218074b91ce96436844cf297cf33b0c2b47e5d1fca8f132168ee489f1556a81d778630db7fad18fdd73
ep_bytes: 68a48d4200e8eeffffff000000000000
timestamp: 2014-11-03 12:32:56

Version Info:

Translation: 0x0409 0x04b0
CompanyName: TeraByte Unlimited
ProductName: Kerkers2
FileVersion: 2.00.0001
ProductVersion: 2.00.0001
InternalName: Diskussionsverschiebung Bergabbremsen7
OriginalFilename: Diskussionsverschiebung Bergabbremsen7.exe

Backdoor.VB.Agent.ABX also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Zbot.l!c
MicroWorld-eScan: Backdoor.VB.Agent.ABX
ClamAV: Win.Malware.Zbot-6714649-0
FireEye: Generic.mg.f2570a0bfe97380f
CAT-QuickHeal: VirTool.VBInject.LE3
Cylance: unsafe
VIPRE: Backdoor.VB.Agent.ABX
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Spyware ( 003783441 )
Alibaba: TrojanSpy:Win32/Tofsee.43a25886
K7GW: Spyware ( 003783441 )
Cybereason: malicious.ab4744
VirIT: Trojan.Win32.VBCrypt.INB
Cyren: W32/Zbot.SMIA-1863
Symantec: Trojan.Zbot
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Zbot.AAQ
TrendMicro-HouseCall: TROJ_FRS.0NA103C320
Avast: Win32:DropperX-gen [Drp]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Zbot.umxu
BitDefender: Backdoor.VB.Agent.ABX
NANO-Antivirus: Trojan.Win32.Zbot.fjpirq
TACHYON: Trojan-Spy/W32.VB-ZBot.339968.I
Sophos: ML/PE-A
F-Secure: Trojan.TR/Dropper.VB.23192
DrWeb: Trojan.PWS.Panda.655
Zillya: Trojan.Zbot.Win32.170017
TrendMicro: TROJ_FRS.0NA103C320
McAfee-GW-Edition: BehavesLike.Win32.Infected.fh
Trapmine: malicious.moderate.ml.score
Emsisoft: Backdoor.VB.Agent.ABX (B)
GData: Backdoor.VB.Agent.ABX
Webroot: W32.Infostealer.Zeus
Avira: TR/Dropper.VB.23192
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Xcitium: Malware@#14y2g5hok7397
Arcabit: Backdoor.VB.Agent.ABX
ViRobot: Trojan.Win32.Agent.339968.O
ZoneAlarm: Trojan-Spy.Win32.Zbot.umxu
Microsoft: PWS:Win32/Zbot!ZA
Google: Detected
AhnLab-V3: Trojan/Win32.MDA.R123937
BitDefenderTheta: Gen:NN.ZevbaF.36350.um0@aqwv7Nbi
MAX: malware (ai score=100)
VBA32: TrojanSpy.Zbot
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Genetic.gen
APEX: Malicious
Rising: Trojan.Spy.Win32.Zbot.hnn (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.AAQ!tr
AVG: Win32:DropperX-gen [Drp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.VB.Agent.ABX?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
