About “Downloader.Win32.Agent.lqsr” infection

Downloader.Win32.Agent.lqsr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.Agent.lqsr virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Downloader.Win32.Agent.lqsr?


File Info:

name: 632AB39D05C06893E1A2.mlw
path: /opt/CAPEv2/storage/binaries/feffef8428f0cbecbeb1a70b5a717bc18760b32ce839250d32dd9d26ad64015e
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-06-14 13:27:46

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: MP3剪切合并大师 Setup
FileVersion:
LegalCopyright: Copyright 2019 Do2019.com
ProductName: MP3剪切合并大师
ProductVersion: 12.7
Translation: 0x0000 0x04b0

Downloader.Win32.Agent.lqsr also known as:

Lionic: Riskware.Win32.Agent.1!c
McAfee: Artemis!632AB39D05C0
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: PUP.Win32.Agent.lqsr
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/DeFile.Gen potentially unwanted
Kaspersky: not-a-virus:Downloader.Win32.Agent.lqsr
NANO-Antivirus: Riskware.Win32.Relevant.foobcq
Avast: Win32:Adware-gen [Adw]
Sophos: Generic PUA AC (PUA)
DrWeb: Adware.Relevant.178
McAfee-GW-Edition: BehavesLike.Win32.BadFile.rc
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1206260
Microsoft: Program:Win32/Occamy.AA
Cynet: Malicious (score: 99)
VBA32: Downloader.Agent
Malwarebytes: Malware.AI.172151120
TrendMicro-HouseCall: TROJ_GEN.R002H0CGJ21
MaxSecure: Trojan.Malware.74460158.susgen
Fortinet: Adware/DeFile
AVG: Win32:Adware-gen [Adw]
Panda: Trj/CI.A
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Downloader.Win32.Agent.lqsr?

Downloader.Win32.Agent.lqsr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.