NSIS/Injector.AGV removal

The NSIS/Injector.AGV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What NSIS/Injector.AGV virus can do?

Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
A scripting utility was executed
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Attempts to delete volume shadow copies
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Writes a potential ransom message to disk
Clears Windows events or logs
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine NSIS/Injector.AGV?


File Info:
crc32: CCF373B1
md5: 832ed619f3daa48744b42d44da4fa27e
name: 832ED619F3DAA48744B42D44DA4FA27E.mlw
sha1: 71b7562fca61398a614e0d3c46542bad583320e1
sha256: b759155d6effdbb5d4baf41125b66f0e776d4f92440487e726ca76f458b03089
sha512: d7fe9cf520bdab1f43a60e5dbbb177fcf56d281465b572f3ac871dcc18db52a609e37869dee9860e480ff75838864bc53454cf50dab8bc4ec0951c2547f57674
ssdeep: 6144:jz2Wtr+lFuBTiPV7Zp2QkuIqru6+y8bIbfVquEV655luR/a:Rtr+Ty45GxqSDy8UbNjEV+p
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: devenv.exe
FileVersion: 15.0.26228.9 built by: D15RTWSVC
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Visual Studioxae
ProductVersion: 15.0.26228.9
FileDescription: Microsoft Visual Studio 2017
OriginalFilename: devenv.exe
Translation: 0x0409 0x04b0

NSIS/Injector.AGV also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 005428a81 )
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.26375
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.31512035
Cylance	Unsafe
Sangfor	Trojan.Win32.Gandcrab.S
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Gandcrab.1784acdc
K7GW	Trojan ( 005428a81 )
Cybereason	malicious.9f3daa
Symantec	Trojan.Gen.MBT
ESET-NOD32	NSIS/Injector.AGV
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.31512035
NANO-Antivirus	Trojan.Win32.Encoder.fmdxpx
MicroWorld-eScan	Trojan.GenericKD.31512035
Tencent	Win32.Trojan.Generic.Dxms
Ad-Aware	Trojan.GenericKD.31512035
Sophos	Mal/Generic-S
Comodo	Malware@#1cxfy39s7fw50
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
FireEye	Trojan.GenericKD.31512035
Emsisoft	Trojan.GenericKD.31512035 (B)
Jiangmin	Trojan.Generic.dzave
Webroot	W32.Trojan.Emotet
Avira	HEUR/AGEN.1140714
Microsoft	Trojan:Win32/Gandcrab.S!MTB
Arcabit	Trojan.Generic.D1E0D5E3
GData	Trojan.GenericKD.31512035
McAfee	Artemis!832ED619F3DA
MAX	malware (ai score=100)
Panda	Trj/CI.A
Rising	Trojan.Injector/NSIS!1.BFBB (CLASSIC)
Ikarus	Trojan.NSIS.Injector
Fortinet	W32/Injector.AFV!tr
AVG	Win32:Malware-gen

How to remove NSIS/Injector.AGV?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.