About “Troj/Agent-BHER” infection

Troj/Agent-BHER is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Troj/Agent-BHER virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Creates a slightly modified copy of itself

How to identify Troj/Agent-BHER?


File Info:

crc32: 72BD5E60
md5: cca981d601a6412fdb0be6159f571352
name: CCA981D601A6412FDB0BE6159F571352.mlw
sha1: e3c88c9f409a4a6d331dbc406ba5a5dd50ba86ef
sha256: d9485de4313a511171a53414b3b701b9b9b9a16220ccfe2fb16f0e6b27bc9ea1
sha512: c79cc0d931f8c64ee0db44516c5ab616f54f9d4956fef0bfe3aa972750f643d93eca48e5506016b02efe28a7d26395d6e9d7c6eaddbd99fe693bf63b9b78ea3f
ssdeep: 24576:7wjYNvuMMt9YNJ2lQYNvuMMt9YNeyHVpiYNvuMMt9YNJ2lQYNvuMMt9YN3:E22LP2JyHVp32LP2E
type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Troj/Agent-BHER also known as:

K7AntiVirus: Trojan ( 005690671 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed2.43250
ALYac: Gen:Variant.Razy.892337
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 005690671 )
Cybereason: malicious.601a64
Cyren: W32/Kryptik.DXL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HITO
APEX: Malicious
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.Copak.pef
BitDefender: Gen:Variant.Razy.892337
NANO-Antivirus: Trojan.Win32.Copak.jciaow
MicroWorld-eScan: Gen:Variant.Razy.892337
Ad-Aware: Gen:Variant.Razy.892337
Sophos: Troj/Agent-BHER
BitDefenderTheta: Gen:NN.ZexaCO.34170.5iZ@aOYig6d
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.dc
FireEye: Generic.mg.cca981d601a6412f
Emsisoft: Gen:Variant.Razy.892337 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Copak.xss
Avira: TR/Crypt.XPACK.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.329A36B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Razy.892337
AhnLab-V3: Trojan/Win.Skeeyah.R425377
McAfee: GenericRXAA-FA!CCA981D601A6
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Trojan.Crypt
Rising: Trojan.Injector!1.C865 (CLASSIC)
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.FFP!tr
AVG: Win32:Trojan-gen

How to remove Troj/Agent-BHER?

Troj/Agent-BHER removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
