Should I remove “PornTool.Agent”?

The PornTool.Agent is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PornTool.Agent virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine PornTool.Agent?


File Info:
name: 2E0A5CB999FC40FE8A13.mlw
path: /opt/CAPEv2/storage/binaries/f3111a95b9c23e11bee876f8e674ebe7b0a8a9e094a3d71aa5bc5795d5b75a0a
crc32: 2C90E0D7
md5: 2e0a5cb999fc40fe8a13d57c7318b002
sha1: 942f122e96a892651df25c4e2efe425a5b8262f8
sha256: f3111a95b9c23e11bee876f8e674ebe7b0a8a9e094a3d71aa5bc5795d5b75a0a
sha512: 045f0a104d541fb5af953450e0d9bd174b8b70391513dce36e7d803c3bd6de82d51d16a951d0dc16d1b94b19649d4b210ab139a29c3365b46dbe809eeeb294a7
ssdeep: 24576:CAHnh+eWsN3skA4RV1Hom2KXMmHaZpnkI5:Fh+ZkldoPK8YaZp7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FB25AC0273D2E032FFAB92739BAAF20156BC79250133856F13981DB9BD701B1667D663
sha3_384: 2a536acce1c6996afaefec941960936090d2d1aab233ec025db2fdf408a8de118be9fb78142dc1afbb20e8a9b1001f12
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2021-08-14 11:11:04

Version Info:
Translation: 0x0809 0x04b0

PornTool.Agent also known as:

Bkav	W32.AIDetect.malware1
FireEye	Generic.mg.2e0a5cb999fc40fe
McAfee	Artemis!2E0A5CB999FC
Cylance	Unsafe
Alibaba	Packed:Win32/Generic.c7b195c9
ESET-NOD32	a variant of Win32/Packed.AutoIt.UK
Paloalto	generic.ml
Avast	Win32:Trojan-gen
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.dh
Ikarus	Trojan.Win32.Autoit
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Win32.Trojan.Agent.29OHMR
Malwarebytes	PornTool.Agent
APEX	Malicious
eGambit	Unsafe.AI_Score_95%
Fortinet	Malicious_Behavior.SB
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_80% (W)

How to remove PornTool.Agent?

PornTool.Agent removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X