MemScan:Trojan.Agent.CYIX (B) removal instruction

MemScan:Trojan.Agent.CYIX (B) is flagged as malicious by the large majority of antivirus engines that have scanned it (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial period allows a complete scan and cleaning of your PC.
6-day free trial available.

What can MemScan:Trojan.Agent.CYIX (B) do?

The following behaviours were recorded when the sample was detonated in the CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • CAPE detected the DarkComet malware family

How to identify MemScan:Trojan.Agent.CYIX (B)?

File Info:

name: 4FF0691832515899144F.mlw
path: /opt/CAPEv2/storage/binaries/b6ec022ba08a981602c031ef950783b112f0bdd755180f686d6e41bab9bc1c6c
crc32: B119A050
md5: 4ff0691832515899144f323ff2ae8226
sha1: 963e4053961a5203112185cc3ac00cfd0528a0d0
sha256: b6ec022ba08a981602c031ef950783b112f0bdd755180f686d6e41bab9bc1c6c
sha512: 36f337c7c0d53df9e8dc7277602ca0f9f00e58b97154a4b61a81c67bb0f01d2a3ab16f59ac651d8c947fd1329f13e2fa78289cf53e01e7d3b1503d326e4fedec
ssdeep: 12288:fu89O5h9vWpoTl20V3CgC98MsOX0P6uBQmX6cg4VVS37Oi6GfovyJB4cZw:fl9ofKM33RM8LiYQeg4iHTgqJBI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DA15235397D4C43BF4E963B025F862635BB4BCB0AEA4939F930498DC5CA1AC0367536B
sha3_384: faf90d723b4a13ad99ce6b61df03fbe425755c6fa2da9b57c76135784a7359aa687b8af7c8370b0999d157165d47b067
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37
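As an added example (not part of the original page and not GridinSoft's tooling), the following Python script reproduces the checks behind the File Info block above: it computes the same digests, compares them with the published values, and parses the PE headers without third-party libraries to recover the compile timestamp and entry-point bytes that the `timestamp` and `ep_bytes` fields show. The minimal PE image built by `build_demo_pe` is constructed here purely to exercise the parser; it is not the malware sample, and the timestamp and entry bytes planted in it are copied from the page's values only so the output can be compared with the listing.

```python
"""Triage a file against the File Info block above: digests plus PE header fields."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "crc32": "b119a050",
    "md5": "4ff0691832515899144f323ff2ae8226",
    "sha1": "963e4053961a5203112185cc3ac00cfd0528a0d0",
    "sha256": "b6ec022ba08a981602c031ef950783b112f0bdd755180f686d6e41bab9bc1c6c",
}


def digests(data: bytes) -> dict:
    """Lowercase hex digests in the same set the page lists."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if every published digest matches this file."""
    d = digests(data)
    return all(d[name] == value for name, value in KNOWN_HASHES.items())


def pe_triage(data: bytes, ep_len: int = 16) -> dict:
    """Walk DOS -> NT -> section headers and return the compile timestamp,
    entry-point RVA and the first ep_len raw bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here; the page's sample is PE32")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ep_bytes = b""
    for i in range(nsections):  # map the entry RVA to a file offset via the section table
        sec = opt + opt_size + i * 40
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[off:off + ep_len]
            break
    when = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "machine": f"{machine:#06x}",
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes.hex(),
    }


def build_demo_pe(stamp: int, ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (headers + one .text section) used only to
    exercise pe_triage offline. This is NOT the malware sample."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    text = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + text
    return headers.ljust(raw_ptr, b"\0") + ep_bytes.ljust(0x200, b"\xCC")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: fall back to the constructed demo image
        blob = build_demo_pe(1091599297, bytes.fromhex("e80a000000e97affffffcccccccccc8b"))
    for k, v in digests(blob).items():
        print(f"{k}: {v}")
    print("matches published sample:", matches_known_sample(blob))
    for k, v in pe_triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python triage.py <suspect file>`. A file that matches every published digest is the exact binary this page describes; a file whose digests differ but whose timestamp and ep_bytes agree with the listing is more likely a related build than this one, and should be treated as a separate sample.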

Version Info:

The version resource below claims to be Microsoft's Win32 Cabinet Self-Extractor (WEXTRACT.EXE), but the sandbox reported the Authenticode signature as invalid, so these fields are spoofed and must not be used to whitelist the file.

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

MemScan:Trojan.Agent.CYIX (B) also known as:

  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Trojan.MauvaiseRI.S5260901
  • ALYac: MemScan:Trojan.Agent.CYIX
  • Malwarebytes: Malware.AI.51230689
  • VIPRE: Trojan.Win32.Generic!BT
  • CrowdStrike: win/malicious_confidence_100% (D)
  • BitDefender: MemScan:Trojan.Agent.CYIX
  • K7GW: Trojan ( 0050c96f1 )
  • K7AntiVirus: Trojan ( 0050c96f1 )
  • Cyren: W32/Injector.KNNU-9072
  • ESET-NOD32: Win32/Injector.DOIH
  • APEX: Malicious
  • ClamAV: Win.Malware.Cyix-6914663-0
  • Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
  • NANO-Antivirus: Trojan.Win32.Yakes.eodtwh
  • MicroWorld-eScan: MemScan:Trojan.Agent.CYIX
  • Rising: Trojan.Injector!1.AFF6 (CLOUD)
  • Emsisoft: MemScan:Trojan.Agent.CYIX (B)
  • Comodo: Malware@#rdqsmtornfu
  • DrWeb: DDoS.MP.5
  • TrendMicro: BKDR_FYNLOSKI.ABFN
  • McAfee-GW-Edition: GenericR-JRO!42A8D107A36E
  • FireEye: Generic.mg.4ff0691832515899
  • Sophos: Generic ML PUA (PUA)
  • SentinelOne: Static AI – Suspicious SFX
  • Jiangmin: Trojan.Yakes.uzc
  • Avira: TR/Crypt.ZPACK.xejim
  • MAX: malware (ai score=86)
  • Antiy-AVL: Trojan/Generic.ASMalwS.20027CD
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ZoneAlarm: HEUR:Trojan.Win32.Zenpak.gen
  • GData: MemScan:Trojan.Agent.CYIX
  • McAfee: GenericR-JRO!42A8D107A36E
  • TACHYON: Backdoor/W32.Hupigon.935936.B
  • VBA32: Trojan.Yakes
  • Cylance: Unsafe
  • TrendMicro-HouseCall: BKDR_FYNLOSKI.ABFN
  • Yandex: Trojan.GenAsa!/B8ZMMSkYVs
  • Fortinet: W32/Injector.DOIH!tr
  • BitDefenderTheta: AI:Packer.164522CB23
  • AVG: Win32:Malware-gen
  • Cybereason: malicious.832515
  • Avast: Win32:Malware-gen

How to remove MemScan:Trojan.Agent.CYIX (B)?

MemScan:Trojan.Agent.CYIX (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that the quarantined file has not reappeared and that no unexpected startup entries remain, since this sample installs itself for autorun at Windows startup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.