RiskWare.Agent.SFX removal guide

RiskWare.Agent.SFX is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskWare.Agent.SFX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • A HTTP/S link was seen in a script or command line
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify proxy settings
  • Attempts to modify Windows Defender using PowerShell
  • Attempts to execute suspicious powershell command arguments
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify RiskWare.Agent.SFX?

File Info:

name: B06A9887113EF6D88F4D.mlw
path: /opt/CAPEv2/storage/binaries/6b3bd35870feffce553a7171a5dc5c0d9b20ad0aa06256f937270b8111f2078f
crc32: D5B850E9
md5: b06a9887113ef6d88f4dd9e94835f0d4
sha1: cc8f7c308c4ee801849646bdfd38eb04b65ca82e
sha256: 6b3bd35870feffce553a7171a5dc5c0d9b20ad0aa06256f937270b8111f2078f
sha512: 119678fe17ff54378198a51dea5246cb4b7d0f47369a7c14281e88deb952469cff9235f5af4b7a14b3ca91e9b2cd457380dcd6eea8cfa6eba7b55829afcaed74
ssdeep: 196608:RvtAZj41WJ6pzqZjwT6p14pwOYJINaKEl6sb5LT1lWpWU:RKZ9JozqZjWafIN455LRlWpn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D676330277C3087DE46118351DA2AD509D6BB6613AF5188F2FFCCB0E4BB7AC1A6357A1
sha3_384: bff3d086344b61c3e7b22891a76d1607e9f6c1185f712445bcd1efbd85d38bd94662b995c417d7722246f9fdc23fc4fc
ep_bytes: e866050000e978feffffcccccccccccc
timestamp: 2022-03-03 13:15:57

Version Info:

0: [No Data]

RiskWare.Agent.SFX also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Riskware.Win32.Zusy.1!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.458576
  • FireEye: Generic.mg.b06a9887113ef6d8
  • McAfee: Artemis!B06A9887113E
  • Malwarebytes: RiskWare.Agent.SFX
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Riskware ( 00584baa1 )
  • Alibaba: Trojan:Win32/Nekark.a874a32b
  • K7GW: Riskware ( 00584baa1 )
  • Cybereason: malicious.08c4ee
  • Cyren: W32/ABRisk.SXEK-6472
  • Symantec: Trojan.Gen.MBT
  • APEX: Malicious
  • Kaspersky: Trojan.Win32.Agent.xaxeie
  • BitDefender: Gen:Variant.Zusy.458576
  • Avast: FileRepMalware [Misc]
  • Tencent: Win32.Trojan.Agent.Ckjl
  • Emsisoft: Gen:Variant.Zusy.458576 (B)
  • F-Secure: Trojan.TR/AD.Nekark.qqkwd
  • VIPRE: Gen:Variant.Zusy.458576
  • TrendMicro: TROJ_GEN.R002C0XEQ23
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Zusy.458576
  • Google: Detected
  • Avira: TR/AD.Nekark.qqkwd
  • MAX: malware (ai score=83)
  • Antiy-AVL: Trojan/Win32.TGeneric
  • Arcabit: Trojan.Zusy.D6FF50
  • ViRobot: Trojan.Win.Z.Zusy.7220671
  • ZoneAlarm: Trojan.Win32.Agent.xaxeie
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R492805
  • Acronis: suspicious
  • ALYac: Gen:Variant.Zusy.458576
  • Cylance: unsafe
  • Panda: Trj/Chgt.AD
  • TrendMicro-HouseCall: TROJ_GEN.R002C0XEQ23
  • Rising: Trojan.Generic@AI.81 (RDML:xG3aaE6g36q5u4OYE6Q7ag)
  • Fortinet: PossibleThreat.PALLAS.M
  • AVG: FileRepMalware [Misc]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove RiskWare.Agent.SFX?

RiskWare.Agent.SFX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.