SFX:Agent-AP [Trj] removal guide

Malware Removal

SFX:Agent-AP [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the SFX:Agent-AP [Trj] virus do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Suspicious wmic.exe use was detected

How to identify SFX:Agent-AP [Trj]?

File Info:

name: 568A9FC295985374B0A8.mlw
path: /opt/CAPEv2/storage/binaries/b7e117eb342b0d450095805073326989c792bf5ccbbdcd5f4a9ace50e517412e
crc32: 421FDAB8
md5: 568a9fc295985374b0a8027e3519c9a4
sha1: 387eb777bb44f583f7e72cd8938b5eddbcda2054
sha256: b7e117eb342b0d450095805073326989c792bf5ccbbdcd5f4a9ace50e517412e
sha512: 931b9167ee9d69cad251a6a465959cba83dd27edc0b1256dc22c39a18383f6948a070a78d3a41ff25fb8a1a56963cbaf0ae6aacfc4e9b4d647839083301fb87b
ssdeep: 12288:GXwOrReFWQFvU65S65VGxoTwEzr9VhURFVBc3nkUm:GXwOrRsLUkzuuTXvhU1oo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EA412027BE6C4F9D1A612715C893BB248B6FA740F198AC39BD40D0B5F706D5A73A3C6
sha3_384: 035ac496c14589c855d5f6b4a38d6f06b2ac31f6d4bcfc6795cccf600c128b697c89e6b8e957f8b4179f1149f3180e82
ep_bytes: 558bec6aff6870c4410068c095410064
timestamp: 2012-12-31 00:38:51

Version Info:

CompanyName: Microsoft Corporation
FileDescription: CertUtil.exe
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: CertUtil.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CertUtil.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

SFX:Agent-AP [Trj] also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Agentb.4!c
DrWeb: Trojan.MulDrop7.19104
MicroWorld-eScan: Trojan.Agent.CEOZ
FireEye: Trojan.Agent.CEOZ
ALYac: Trojan.Agent.CEOZ
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004f49e11 )
Alibaba: Worm:Win32/InfoStealer.8dac5ad4
K7GW: Trojan ( 004f49e11 )
Cybereason: malicious.295985
Arcabit: Trojan.Agent.CEOZ
Cyren: BAT/Agent.AJX
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: BAT/Agent.NEH
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agentb.btnh
BitDefender: Trojan.Agent.CEOZ
NANO-Antivirus: Trojan.Win32.Agent.ekodlv
Avast: SFX:Agent-AP [Trj]
Tencent: Win32.Trojan.Agentb.Fplw
Sophos: Mal/Generic-S
F-Secure: Backdoor.BDS/Agent.ygcrw
VIPRE: Trojan.Agent.CEOZ
TrendMicro: TROJ_FRS.0NA103C320
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.gc
Emsisoft: Trojan.Agent.CEOZ (B)
Webroot: W32.Trojan.Agent.Gen
Avira: BDS/Agent.ygcrw
Antiy-AVL: Trojan[APT]/Win32.Gamaredon
Xcitium: Malware@#5ajs77nztwi2
Microsoft: Trojan:Win32/Dynamer!rfn
ZoneAlarm: Trojan.Win32.Agentb.btnh
GData: Trojan.Agent.CEOZ
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C2030343
McAfee: Artemis!568A9FC29598
MAX: malware (ai score=100)
VBA32: Trojan.Agentb
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_FRS.0NA103C320
Rising: Worm.Agent!8.25 (TOPIS:E0:uTq4tm9zDCN)
Ikarus: Worm.BAT.Agent
Fortinet: BAT/Agent.NEH!worm
AVG: SFX:Agent-AP [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove SFX:Agent-AP [Trj]?

SFX:Agent-AP [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.