Troj/Agent-BFZQ removal

Troj/Agent-BFZQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Agent-BFZQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known devices from debuggers and forensic tools
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Troj/Agent-BFZQ?

File Info:

name: 5C91BA23BAEAC6B43657.mlw
path: /opt/CAPEv2/storage/binaries/4af31ac6109d61e4283b35e09297119fcf991cc4869e6715f9efff835441faf3
crc32: 4E506191
md5: 5c91ba23baeac6b43657fb8796e49c9d
sha1: 29d6b9e00554a43e285221d737a0377642abcbbd
sha256: 4af31ac6109d61e4283b35e09297119fcf991cc4869e6715f9efff835441faf3
sha512: 6dd66c53cf0210516856207238acc50257bad725c7c36240601ccd6b9f1db98baed512b4ec6cddcb99f50944dd06d266ec4220e5924c4e70e20e2c207264b6fc
ssdeep: 12288:/Fh3VeVZ9qeKNJv8UIqjqsfQk38K+ap2reDoqU:/FL1NiqjqRk38EDBU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16CB48E97CC09B6BAE7C547F3DBA06CB9202D6861B563241D22D5F3D92B77317238CA12
sha3_384: f87fc85b00e274af1dbc9bd120beb42567e13443c7433ecd9762dde4f9dfa8659896c053ba6f09d401080329da17b654
ep_bytes: 83ec1cc7042402000000ff1540114600
timestamp: 2004-09-03 01:11:34

Version Info:

FileDescription: SHAREit
OriginalFilename: Shareit.exe
ProductName: Lenovo SHAREit
FileVersion: 3.10.349.0
LegalCopyright: Copyright © 2016. All rights reserved.
ProductVersion: 3.10.349.0
Assembly Version: 3.10.349.0
Translation: 0x0409 0x04e4

Troj/Agent-BFZQ is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
AVG: Win32:WormX-gen [Wrm]
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.39201
FireEye: Generic.mg.5c91ba23baeac6b4
CAT-QuickHeal: Worm.Drolnux.S369463
Skyhigh: BehavesLike.Win32.Generic.hh
McAfee: Generic-FAHD!5C91BA23BAEA
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.a
BitDefenderTheta: Gen:NN.ZexaF.36804.FO3@aKH1uboi
VirIT: Trojan.Win32.PackedENT.BS
Symantec: Trojan.Toraldrop
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HRNS
Cynet: Malicious (score: 100)
APEX: Malicious
Avast: Win32:WormX-gen [Wrm]
ClamAV: Win.Worm.Drolnux-9781699-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKDZ.39201
NANO-Antivirus: Trojan.Win32.PackedENT.ibnpry
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
Tencent: Worm.Win32.Drolnux.za
Emsisoft: Trojan.GenericKDZ.39201 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.PackedENT.108
VIPRE: Trojan.GenericKDZ.39201
Trapmine: suspicious.low.ml.score
Sophos: Troj/Agent-BFZQ
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.arvem
Webroot: W32.Trojan.Gen
Varist: W32/Kryptik.LVX.gen!Eldorado
Avira: TR/Dropper.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Win32.Ibashade
Kingsoft: malware.kb.a.766
Microsoft: Worm:Win32/Drolnux
Xcitium: Worm.Win32.Ibashade.D@6v10bm
Arcabit: Trojan.Generic.D9921
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.PSE.16ZT84S
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R641454
VBA32: BScope.Trojan.PackedENT
ALYac: Trojan.GenericKDZ.39201
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Worm.Ibashade!1.BC34 (CLASSIC)
Yandex: Trojan.GenAsa!OCin2BuPo3E
Ikarus: Trojan.Win32.Ibashade
Fortinet: W32/Agent.F12E!tr
DeepInstinct: MALICIOUS

How to remove Troj/Agent-BFZQ?

Troj/Agent-BFZQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.