SFX:Agent-AW [Trj] removal

Malware Removal

The SFX:Agent-AW [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What SFX:Agent-AW [Trj] virus can do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify SFX:Agent-AW [Trj]?

File Info:

name: D834AF002898C9545E2B.mlw
path: /opt/CAPEv2/storage/binaries/8e15e35a4863c97f419bc401bfc02b88e22b0709f481cfcca8192d97d60304ff
crc32: AD77DC65
md5: d834af002898c9545e2b889c039d835c
sha1: 734fb64114186ce04fbdffc449644d86f7e68ef5
sha256: 8e15e35a4863c97f419bc401bfc02b88e22b0709f481cfcca8192d97d60304ff
sha512: 2ed5067c1d42da4aef87414a9d480a232790c44405aeabcf66b652847b25eb98b6efcca9383eab8244f84011c157fc768663acbbafefde74b4112137938d059d
ssdeep: 98304:O06FOznLo0+Dd6uxcic4OliAhzIsfVqAAKz:O3F6n80W6uGi1OQAhFfVqAAW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5E52342F782D0B1D5A900F505668A724E7ABD3247B6C4F36FD03A6F9E703D0AA3175A
sha3_384: 15f57df7cea60d275f15c58348289558bc791b72c6794fc17c21a12d72db03a2aee3c4b1f79af3060d047ed3eff94138
ep_bytes: e8a61d0000e989feffff8bff565733f6
timestamp: 2012-06-14 16:16:10

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.1.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.0.0
Translation: 0x0409 0x04e4

SFX:Agent-AW [Trj] also known as:

Bkav: W32.AIDetectMalware
AVG: SFX:Agent-AW [Trj]
Elastic: malicious (moderate confidence)
McAfee: Artemis!D834AF002898
Sangfor: Trojan.Win32.Agent.Vz69
APEX: Malicious
Avast: SFX:Agent-AW [Trj]
McAfee-GW-Edition: Artemis
Microsoft: Program:Win32/Wacapew.C!ml
ZoneAlarm: HEUR:Trojan-Dropper.NSIS.Sufrar.gen
Rising: Trojan.Evasion/SFACTORY!1.E9F4 (CLASSIC)
Ikarus: Trojan.Win32.Farfli
Fortinet: W32/PossibleThreat
DeepInstinct: MALICIOUS

How to remove SFX:Agent-AW [Trj]?

SFX:Agent-AW [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.