Downloader.Win32.Agent.mquc removal instructions

Downloader.Win32.Agent.mquc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.Agent.mquc virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Collects information to fingerprint the system

Related domains:

downloader.aldtop.com
client.aldtop.com
resource.aldtop.com

How to identify Downloader.Win32.Agent.mquc?


File Info:

crc32: EA7FFDFE
md5: 0c06aa5d2e5dc1b7d54f0c05392cdc3f
name: 0C06AA5D2E5DC1B7D54F0C05392CDC3F.mlw
sha1: 13aee7ea4da5ea3d3b183c7b3ce9af0c4ee7d1b5
sha256: de6a53a96906d5549ab0f4ddb4168e4c7c4de5faba46b1c3084df5a19c3edbe4
sha512: 8ae39038eb47dc29103938a592a2cdc98395a65f4badde2bd9a0db87154cf7feecda2cb4712c0057850384ba8e5ccd283840d44494ef2f012443cf3cbc4f0909
ssdeep: 24576:gr4L99NOUNcWivc+HBbEzppIdju6e1D9XBG9KuBFdz:y4VOUNcTvc+ezppss1dBG9Kujdz
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2018
InternalName: FastDownloader.exe
FileVersion: 3.2.0.8
CompanyName: -
ProductName: \u8f6f\u4ef6\u4e0b\u8f7d\u5668
ProductVersion: 3.2.0.8
FileDescription:
OriginalFilename: FastDownloader.exe
Translation: 0x0804 0x04b0

Downloader.Win32.Agent.mquc also known as:

K7AntiVirus: Adware ( 00568e221 )
Lionic: Riskware.Win32.Agent.1!c
Elastic: malicious (high confidence)
ALYac: Gen:Variant.Application.Graftor.928385
Cylance: Unsafe
Zillya: Tool.Downer.Win32.262
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Downloader:Win32/Downer.814bc1da
K7GW: Adware ( 00568e221 )
Cybereason: malicious.d2e5dc
Cyren: W32/Trojan.TKFP-2996
Symantec: PUA.Downloader
ESET-NOD32: a variant of Win32/RiskWare.Downer.E
APEX: Malicious
Avast: Win32:DropperX-gen [Drp]
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:Downloader.Win32.Agent.mquc
BitDefender: Gen:Variant.Application.Graftor.928385
NANO-Antivirus: Trojan.Win32.Downer.iwjljd
ViRobot: Adware.Downer.913520
MicroWorld-eScan: Gen:Variant.Application.Graftor.928385
Ad-Aware: Gen:Variant.Application.Graftor.928385
Sophos: Downer (PUA)
Comodo: Packed.Win32.MUPX.Gen@24tbus
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: PUA.Win32.DOWNER.CI
McAfee-GW-Edition: Artemis!PUP
FireEye: Generic.mg.0c06aa5d2e5dc1b7
Emsisoft: Gen:Variant.Application.Graftor.928385 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Downloader.Agent.orv
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1142897
Microsoft: PUA:Win32/Downer
Arcabit: Trojan.Application.Graftor.DE2A81
GData: Gen:Variant.Application.Graftor.928385
AhnLab-V3: PUP/Win32.RL_Downloader.R367892
McAfee: Artemis!0C06AA5D2E5D
MAX: malware (ai score=99)
VBA32: Downloader.Agent
Malwarebytes: PUP.Optional.FastDownloader
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: PUA.Win32.DOWNER.CI
Rising: Adware.Downloader!1.CE78 (CLASSIC)
Ikarus: PUA.RiskWare.Downer
MaxSecure: Trojan.Malware.12156347.susgen
Fortinet: Riskware/Downer.DD89
AVG: Win32:DropperX-gen [Drp]
Paloalto: generic.ml

How to remove Downloader.Win32.Agent.mquc?

Downloader.Win32.Agent.mquc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
