
About “Rootkit.Win32.Agent.elxa” infection


Rootkit.Win32.Agent.elxa is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Rootkit.Win32.Agent.elxa virus do?

  • Presents an Authenticode digital signature
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Rootkit.Win32.Agent.elxa?

File Info:

name: 7FD6C25528068EDA55DD.mlw
path: /opt/CAPEv2/storage/binaries/b20ef58c25e326df5764c4ce819d4b78f81781c760c2544ecaa4974c4fc16c49
crc32: 30FE042F
md5: 7fd6c25528068eda55ddf67eb65020d2
sha1: 42025896fd36122c341a01161119b1966e9cc6a0
sha256: b20ef58c25e326df5764c4ce819d4b78f81781c760c2544ecaa4974c4fc16c49
sha512: d7b52023c782a796849446066c7261784b153d6af2e580c29d210ad244fe5faa1ff27b0785c9f63dee0f44f6472a7e13792a268137ffa0d502ffc649c7f6c9af
ssdeep: 6144:5Rm6oAS2BcuxgvVJRmZe+1NFdGdUM8QUlyXfA5Iid47xya6o:5I6Qm8aHt/lZZ47xyaF
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T10B746C92D2BD4B95D16BC6B5CA9185A3FBB078084B2587CF2394C6426F13BF0AD3D325
sha3_384: 7735eb84928eb890ae1f2c123c5edf2c7b6dfb047d3f2c7a8bdb956f67cef6690a4eca260a11fa0a34478ed2bda3b595
ep_bytes: 4883ec284c8bc24c8bc9e895ffffff49
timestamp: 2015-04-15 15:34:11

Version Info:

Comments:
CompanyName: EldoS Corporation
FileDescription: CallbackFilter (file system filter driver)
FileVersion: 3, 1, 85, 78
InternalName: cbfltfs
LegalCopyright: Copyright (C) EldoS Corp. 2004-2015
LegalTrademarks:
OriginalFilename: cbfltfs.sys
PrivateBuild:
ProductName: CallbackFiler
ProductVersion: 3, 1, 85, 0
SpecialBuild:
Translation: 0x0409 0x0000

Rootkit.Win32.Agent.elxa also known as:

MicroWorld-eScan: Trojan.GenericKD.38138548
FireEye: Trojan.GenericKD.38138548
McAfee: Artemis!7FD6C2552806
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: Rootkit:Win32/Generic.043e3d29
Symantec: Trojan.Gen.MBT
Kaspersky: Rootkit.Win32.Agent.elxa
BitDefender: Trojan.GenericKD.38138548
Avast: Win64:Malware-gen
Tencent: Win32.Rootkit.Agent.Angg
Ad-Aware: Trojan.GenericKD.38138548
Emsisoft: Trojan.GenericKD.38138548 (B)
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.38138548
Microsoft: Trojan:Win32/Wacatac.B!ml
MAX: malware (ai score=82)
AVG: Win64:Malware-gen

How to remove Rootkit.Win32.Agent.elxa?

Rootkit.Win32.Agent.elxa removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
