BAT/TrojanDownloader.Agent.PBO removal instruction

BAT/TrojanDownloader.Agent.PBO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the BAT/TrojanDownloader.Agent.PBO virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to identify installed AV products by installation directory
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Touches a file containing cookies, possibly for information gathering
  • Collects information to fingerprint the system

How to identify BAT/TrojanDownloader.Agent.PBO?

File Info:

name: CFC042686920914EA518.mlw
path: /opt/CAPEv2/storage/binaries/142d89392f229da3273a4d053620ba2f30f687e5efb4e981f032a19b1c2a0c1a
crc32: AC8AEA3D
md5: cfc042686920914ea518a96a82b66545
sha1: d1564fb9d539b8a5f701fd24db99be7ccd2419af
sha256: 142d89392f229da3273a4d053620ba2f30f687e5efb4e981f032a19b1c2a0c1a
sha512: 9d2ba97f32d13d6364583931675a00144422a5f73e57dd51917894e5d87d2b000d3d980ec0cf2dcb54a7122ec00fce02ac9d45dc632bf92bb2d1bac8e259fe62
ssdeep: 3072:75VF+XC9GAJ3+3BI0WhAtAAAAA+j7aJRide/iAbB9ZoSnm3vOeElDGzFmc5:75VP9Ge3+hoAvdeJBbLnMvIiz/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133F3AE217BDA40F6C4D335314A45B76669F6FF350F2446CB5B90360B6D322E2AB3E18A
sha3_384: 099d119ee63615ba7d5cd5fbf1955c3d13e31d5f506b6ced62a59755f8671ff40b532da657ded66af872a854df81df66
ep_bytes: 558bec6aff6880fa410068f0c4410064
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: Amnis Technology Ltd.
LegalCopyright: Copyright 2006-2013 all authors (GPLv3)
OriginalFilename: PDFlite.exe
FileVersion: 0.11.0.0
ProductName: PDFlite
ProductVersion: 0.11.0.0
FileDescription: PDFlite
Created: 7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Builder: hg 13:15:20 18/07/2023
Translation: 0x0000 0x04b0

BAT/TrojanDownloader.Agent.PBO also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.69331345
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Downloader.Win32.Malgent.Vk1l
K7AntiVirus: Trojan-Downloader ( 005a90a91 )
Alibaba: TrojanDownloader:Win32/Malgent.347cd7e7
K7GW: Trojan-Downloader ( 005a90a91 )
CrowdStrike: win/malicious_confidence_60% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: BAT/TrojanDownloader.Agent.PBO
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Drivepack-9884589-1
BitDefender: Trojan.GenericKD.69331345
MicroWorld-eScan: Trojan.GenericKD.69331345
Rising: Trojan.Malgent!8.10C33 (TOPIS:E0:Rzx1npfqx3J)
Emsisoft: Trojan.GenericKD.69331345 (B)
VIPRE: Trojan.GenericKD.69331345
TrendMicro: TROJ_GEN.R002C0DIE23
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.cfc042686920914e
Sophos: Mal/Generic-S
Webroot: W32.Adware.Gen
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Win32.Malgent
Microsoft: Trojan:Win32/Malgent!MSR
Arcabit: Trojan.Generic.D421E991
GData: Trojan.GenericKD.69331345
Google: Detected
McAfee: Artemis!CFC042686920
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DIE23
Tencent: Bat.Trojan-Downloader.Der.Kjgl
Ikarus: Trojan-Downloader.BAT.Agent
Fortinet: BAT/Agent.PBO!tr.dldr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove BAT/TrojanDownloader.Agent.PBO?

BAT/TrojanDownloader.Agent.PBO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.