Trojan.Agent.BBOW removal guide

Trojan.Agent.BBOW is the detection name several antivirus engines (see the list below) apply to the sample analysed on this page. While the infection is active you may notice unfamiliar processes in the Task Manager; because the sample uses process hollowing, the malicious code may also run under the name of a legitimate process. In either case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
6-day free trial available.

What can Trojan.Agent.BBOW do?

The following static and behavioural signatures were triggered when the sample was analysed in the CAPE sandbox:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Operates on local firewall's policies and settings
  • Creates a copy of itself

Two of these deserve a note. Process hollowing means the sample starts a legitimate program in a suspended state, replaces its in-memory image with its own code and resumes it, so the malicious code runs under a trusted-looking process name. The invalid Authenticode signature matters because the file's version information (below) claims to be a Microsoft component; the signature check is what exposes that claim as spoofed.

How to identify Trojan.Agent.BBOW?

File Info:

name: 65B3807E41F9BD704DB4.mlw
path: /opt/CAPEv2/storage/binaries/c17140d5e21d2e55b38625e4b5e9e77782fb8f6a4fc51f335d5a4553113fc416
crc32: 39E4A494
md5: 65b3807e41f9bd704db46fa9343ca4c4
sha1: a89c86c7cf4988b2e960dcd265cdd0260956792e
sha256: c17140d5e21d2e55b38625e4b5e9e77782fb8f6a4fc51f335d5a4553113fc416
sha512: f578e8b4989e11322ca0fd74926badafc87151fe5c7ee50152c3148e0bdda5c36cd2da54425c10158fe3763878d53d5503371abf6296ab4fd52e7408fcbed23d
ssdeep: 12288:YFVxJ4TsTvEpp5QbdbVInbxmH8c9YK3TBvE:YX3oEExQB6bx6P9YK39v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T196B42284E7D3DE61E42881F7972397F12E5D7E04E5806F8376987E8F3B336105960AA8
sha3_384: a59b91c2b372d7d736b1c4bbd3123ae732728bf6aabd8bc529815895e3d0c50c42a7d9e4d903b300327b3dd566abef4d
ep_bytes: 60be00004e008dbe0010f2ffc7871077
timestamp: 2010-06-19 09:40:38

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Imaging Devices Control Panel
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: ImagingDevices.cpl
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ImagingDevices.cpl
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0
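The version information above claims the file is Microsoft's ImagingDevices.cpl, but CAPE reports the Authenticode signature as invalid, so those strings prove nothing; the file hashes and the entry-point bytes are the reliable identifiers. The script below is an added example written for this page (it is not GridinSoft's or CAPE's code): it hashes a file with the same algorithms listed under File Info, compares the result against the published IOCs, and applies a UPX heuristic by parsing the PE header and checking the entry-point bytes for the stub that the page's ep_bytes (60be...8dbe...) show. The hashes are the page's own; the minimal PE builder produces a constructed, non-runnable test image so the parser can be exercised offline without the real sample.

```python
import hashlib
import struct
import zlib

# Hashes of the sample analysed on this page (copied from the "File Info" section).
KNOWN_SAMPLE = {
    "crc32": "39E4A494",
    "md5": "65b3807e41f9bd704db46fa9343ca4c4",
    "sha1": "a89c86c7cf4988b2e960dcd265cdd0260956792e",
    "sha256": "c17140d5e21d2e55b38625e4b5e9e77782fb8f6a4fc51f335d5a4553113fc416",
}


def file_hashes(data: bytes) -> dict:
    """Same hash set CAPE reports; crc32 as 8 uppercase hex digits, the rest lowercase."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict = KNOWN_SAMPLE) -> list:
    """Names of the published hashes that match this file (empty list means no match)."""
    h = file_hashes(data)
    return [k for k, v in iocs.items() if h.get(k, "").lower() == v.lower()]


def pe_entry_info(data: bytes, n: int = 16) -> dict:
    """Minimal PE32 parse: section names plus the first n bytes at the entry point.
    Raises ValueError (or struct.error on truncated headers) for non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                                # optional header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                            # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, max(vsize, rawsize), rawptr))
    ep_bytes = b""
    for name, vaddr, size, rawptr in sections:
        if vaddr <= entry_rva < vaddr + size:                    # map RVA -> file offset
            file_off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[file_off:file_off + n]
            break
    return {"entry_rva": entry_rva, "sections": [s[0] for s in sections], "ep_bytes": ep_bytes}


def looks_upx_packed(info: dict) -> bool:
    """UPX heuristic: UPX* section names, or the entry stub
    'pushad; mov esi,imm32; lea edi,[esi+disp32]' (60 BE .. .. .. .. 8D BE ..),
    which is exactly what the page's ep_bytes 60be00004e008dbe0010f2ff... show."""
    ep = info["ep_bytes"]
    stub = len(ep) >= 8 and ep[0:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe"
    upx_names = any(s.upper().startswith("UPX") for s in info["sections"])
    return stub or upx_names


def analyze(data: bytes) -> dict:
    """Hash the bytes, compare against the published IOCs and apply the packer heuristic."""
    result = {"hashes": file_hashes(data), "ioc_matches": matching_iocs(data)}
    try:
        info = pe_entry_info(data)
        result.update(sections=info["sections"], ep_bytes=info["ep_bytes"].hex(),
                      upx_heuristic=looks_upx_packed(info))
    except (ValueError, struct.error) as exc:
        result["pe_error"] = str(exc)
    return result


def build_test_pe(ep_code: bytes, section_name: bytes = b".text") -> bytes:
    """Constructed, non-runnable PE32 image (hypothetical test input, not the real sample):
    64-byte DOS header, PE header at 0x40, one section whose raw data at 0x200 holds ep_code."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)   # i386, 1 section, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # AddressOfEntryPoint = RVA 0x1000
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    section = section_name.ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:          # usage: python check_sample.py <file>
        print(analyze(f.read()))
```

A hash match is conclusive for this exact sample only; the UPX heuristic is a hint, not a verdict, since UPX is also used by legitimate software and the stub bytes change between UPX versions. ssdeep and TLSH from the File Info block are omitted here because they need third-party libraries; with the hashes above you can still confirm whether a suspect file is byte-for-byte the sample described on this page.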

Trojan.Agent.BBOW also known as:

Several engines (Kaspersky, NANO-Antivirus, Zillya, Jiangmin, Antiy-AVL, AhnLab-V3, Fortinet) attribute the sample to the Neurevt family; others flag it generically as an IRC bot or AutoRun worm, or only as packed or malicious.

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Agent.BBOW
McAfee: GenericRXAA-FA!65B3807E41F9
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0045d7e81 )
K7GW: Trojan ( 0045d7e81 )
CrowdStrike: win/malicious_confidence_90% (D)
BitDefenderTheta: AI:Packer.E2D8C91C1B
VirIT: Trojan.Win32.Generic.CLFJ
Cyren: W32/Trojan.AKDB-7668
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.IRCBot.JD
Kaspersky: Trojan.Win32.Neurevt.n
BitDefender: Trojan.Agent.BBOW
NANO-Antivirus: Trojan.Win32.Neurevt.cqztan
Avast: FileRepDamaged [Dmg]
Ad-Aware: Trojan.Agent.BBOW
Comodo: TrojWare.Win32.Spy.Banker.Gen@1qlojk
DrWeb: BackDoor.Comet.152
Zillya: Trojan.Neurevt.Win32.7
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.65b3807e41f9bd70
Ikarus: Trojan.Win32.IRCBot
Jiangmin: Trojan/Neurevt.g
Antiy-AVL: Trojan/Win32.Neurevt
Microsoft: Trojan:Win32/Wacatac.B!ml
APEX: Malicious
GData: Trojan.Agent.BBOW
Google: Detected
AhnLab-V3: Trojan/Win32.Neurevt.C255229
Acronis: suspicious
VBA32: Malware-Cryptor.Limpopo
ALYac: Trojan.Agent.BBOW
MAX: malware (ai score=83)
Malwarebytes: Malware.Heuristic.1003
Rising: Worm.Win32.Autorun.tyy (CLASSIC)
Yandex: Worm.AutoRun!sz36b0ZoE4Y
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Neurevt.JD!tr
AVG: FileRepDamaged [Dmg]
Cybereason: malicious.e41f9b
Panda: Trj/Genetic.gen

How to remove Trojan.Agent.BBOW?

Trojan.Agent.BBOW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and the options to reset, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
