
Trojan.Agent.BDFZ removal


Trojan.Agent.BDFZ is the BitDefender detection name for this sample; as the alias list below shows, most other engines classify the same file as a Zbot (Zeus) variant or a generic downloader/dropper, and every engine listed flags it as malicious. While the infection is active you may notice unfamiliar processes in Task Manager, since the sample injects code into other processes. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing this kind of trojan by hand can take hours and is easy to get wrong, because it unpacks in memory, injects into other processes and alters proxy settings, so a missed component brings the infection back. We recommend using GridinSoft Anti-Malware for removal; the trial period allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can Trojan.Agent.BDFZ do?

Behaviour recorded when the sample described below was run in a CAPE sandbox. Each item is a CAPE signature name, followed by what it means in practice:

  • Behavioural detection: Executable code extraction – unpacking (code was written to memory and then executed, the hallmark of a packed loader that decrypts its real payload at run time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory (allocates pages that are both writable and executable, the usual staging area for unpacked or injected code)
  • Possible date expiration check, exits too soon after checking local time (an evasion trait: the sample may refuse to run outside a date window, so a sandbox with the wrong clock sees nothing)
  • Dynamic (imported) function loading detected (resolves Windows APIs at run time, so the static import table says little about what the binary does)
  • Performs HTTP requests potentially not found in PCAP (HTTP activity was observed in API calls but not in the captured network traffic)
  • Reads data out of its own binary image (typically to locate an embedded, encrypted payload)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid (the file is not validly signed; a valid signature is not proof of safety, but an invalid or missing one on a GUI executable is a warning sign)
  • Behavioural detection: Injection (Process Hollowing) (starts a legitimate process suspended and replaces its image with malicious code, so the malware runs under a trusted process name)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process) (writes and runs code inside another already running process)
  • Attempts to modify proxy settings (changes the system proxy configuration so browser traffic can be redirected or intercepted; this is why the removal steps below include a browser reset)

How to identify Trojan.Agent.BDFZ?


File Info:

name: 24C2973BC735073793C0.mlw
path: /opt/CAPEv2/storage/binaries/bc7e95dca0fa8585740d1f5c8ea9a5fa277c5e16bf3954624ead477323fa782a
crc32: 8E00246E
md5: 24c2973bc735073793c01ce374c09c26
sha1: ebdee9564107ccc649aa91cec9c1e8af42c0f2b5
sha256: bc7e95dca0fa8585740d1f5c8ea9a5fa277c5e16bf3954624ead477323fa782a
sha512: d70c2a1d3031a6ac4f1c48528eaa3877442946c4f7b05be77728d3c87d56c85d54c9ecea2567e325956c77b8e65c97467b023656254cb057c759eada5c87f058
ssdeep: 1536:Gql2D9s+n2hCDjlPFLkruHeDZ46VFUPW9Kc3ibuv:GXP2hcjlNLkSqZ4IFGW9NybG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D963AD87D2FC4214E6B6FAB258B967308275F85B5E71C76F1244DE4F0831A688911F2F
sha3_384: fca93cea96bbb80a59b854d78d0f48f9b7b6dfc777c918ad7f2cabe9d66e9ebb77878f800a94095aa54c5e08c79c71fa
ep_bytes: 558bec6aff6838374000689025400064
timestamp: 2014-05-28 16:21:42

Version Info:

0: [No Data]
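The file hashes above are the reliable way to confirm you are looking at this exact sample: any changed byte breaks them, which is also their weakness, since a repacked build will not match. The entry-point bytes and link timestamp are much weaker indicators. The bytes 55 8b ec 6a ff 68 ... 64 are the standard Visual C++ CRT startup prologue (push ebp; mov ebp, esp; push -1; push ...; push ...; mov eax, fs:[0]) and appear in countless benign binaries, and a PE timestamp is trivially forged. As an added example, which is neither GridinSoft's tooling nor part of the CAPE report, the Python script below checks a file against the hash indicators and hand-parses the PE header to recover the same fields CAPE reported (PE32 magic, link timestamp, first 16 entry-point bytes, and whether an Authenticode security directory exists). Only the IOC values are copied from the File Info block; every function name is an assumption of this example, and the PE it builds for demonstration is a constructed stand-in, not the malware. That stand-in deliberately copies only the weak indicators, so the output shows them firing while no hash matches.

```python
"""Added example: check a file against the Trojan.Agent.BDFZ indicators above.
Not GridinSoft's tooling and not part of the CAPE report; build_sample_pe()
returns a constructed stand-in, not the real binary."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the File Info block on this page.
IOCS = {
    "md5": "24c2973bc735073793c01ce374c09c26",
    "sha1": "ebdee9564107ccc649aa91cec9c1e8af42c0f2b5",
    "sha256": "bc7e95dca0fa8585740d1f5c8ea9a5fa277c5e16bf3954624ead477323fa782a",
    "ep_bytes": "558bec6aff6838374000689025400064",
    "timestamp": "2014-05-28 16:21:42",
}
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY holds the Authenticode blob


def compute_hashes(data: bytes) -> dict:
    """Hex digests for the hashlib algorithms the page lists (ssdeep/tlsh need extra libs)."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(data: bytes, iocs: dict = IOCS) -> set:
    """Names of the algorithms whose digest equals the indicator value."""
    return {a for a, d in compute_hashes(data).items() if iocs.get(a) == d}


def pe_entry_info(data: bytes) -> dict:
    """Parse just enough of a PE32 image to recover the fields CAPE reports.
    Hand-rolled (no pefile dependency); raises ValueError for anything that is
    not a PE32 whose entry point lies inside a section."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image")
    (ep_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    # A signed file has a non-empty security directory; CAPE's "Authenticode
    # signature is invalid" covers both a missing and a non-verifying one.
    signed = False
    if opt_size >= 96 + 8 * (SECURITY_DIR + 1):
        (ndirs,) = struct.unpack_from("<I", data, opt + 92)  # NumberOfRvaAndSizes
        if ndirs > SECURITY_DIR:
            va, size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
            signed = va != 0 and size != 0
    # Map the entry-point RVA to a file offset through the section table.
    for i in range(nsec):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)
            return {
                "machine": machine,
                "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
                "ep_bytes": data[off:off + 16].hex(),
                "has_security_dir": signed,
            }
    raise ValueError("entry point not inside any section")


def triage(data: bytes, iocs: dict = IOCS) -> dict:
    """Strong (hash) and weak (header) indicators side by side."""
    info = pe_entry_info(data)
    return {
        "hash_match": sorted(match_hashes(data, iocs)),
        "ep_bytes_match": info["ep_bytes"] == iocs["ep_bytes"],
        "timestamp_match": info["timestamp"] == iocs["timestamp"],
        "unsigned": not info["has_security_dir"],
        "header": info,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal PE32 that copies only the page's entry-point
    bytes and link time, so the weak indicators fire while every hash differs."""
    ts = calendar.timegm((2014, 5, 28, 16, 21, 42))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)  # entry point RVA -> start of .text
    struct.pack_into("<I", opt, 92, 16)  # 16 data directories, all left empty
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect
    code = bytes.fromhex(IOCS["ep_bytes"])
    return hdr.ljust(0x200, b"\0") + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to a suspicious file; with no argument it triages the constructed stand-in, reporting ep_bytes_match and timestamp_match as True and hash_match as empty, which is exactly why the weak fields should only ever narrow a search, never confirm an identification. A real hit on any of md5, sha1 or sha256 against this page's values is the confirmation.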

Trojan.Agent.BDFZ also known as:

Lionic: Trojan.Win32.Zbot.lZ2O
Cynet: Malicious (score: 100)
FireEye: Generic.mg.24c2973bc7350737
CAT-QuickHeal: TrojanPWS.Zbot.A4
McAfee: PWSZbot-FSO!24C2973BC735
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.157226
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: TrojanDownloader:Win32/ScreenLocker.e6c6156e
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.bc7350
Cyren: W32/Zbot.RQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Agent.AGV
APEX: Malicious
ClamAV: Win.Trojan.Zbot-64478
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BDFZ
NANO-Antivirus: Trojan.Win32.Crypted.cztkne
SUPERAntiSpyware: Trojan.Agent/Gen-Artemis
MicroWorld-eScan: Trojan.Agent.BDFZ
Avast: Win32:Crypt-REG [Trj]
Tencent: Malware.Win32.Gencirc.10c4874a
Ad-Aware: Trojan.Agent.BDFZ
Sophos: Mal/Zbot-QU
Comodo: Malware@#38nhekw3h91cv
DrWeb: Trojan.DownLoad3.32895
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_ROVNIX.SMW
McAfee-GW-Edition: PWSZbot-FSO!24C2973BC735
Emsisoft: Trojan.Agent.BDFZ (B)
Jiangmin: TrojanSpy.Zbot.edza
Webroot: Trojan.Dropper.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.A2B603
Kingsoft: Win32.Troj.Zbot.tb.(kcloud)
Microsoft: PWS:Win32/Zbot!ml
GData: Win32.Trojan.EmotetSpamBot.B
TACHYON: Trojan/W32.Inject.72720
AhnLab-V3: Dropper/Win32.Necurs.R108958
BitDefenderTheta: Gen:NN.ZexaF.34084.euZ@ayMmENli
ALYac: Trojan.Agent.BDFZ
MAX: malware (ai score=100)
VBA32: TrojanSpy.Zbot
Malwarebytes: Spyware.Zbot.ED
TrendMicro-HouseCall: TROJ_ROVNIX.SMW
Rising: Trojan.Generic@ML.90 (RDML:tQXeKqrV8IHLKtzetnDUCg)
Yandex: TrojanSpy.Zbot!LBPBuHRXip0
Ikarus: Trojan.ScreenLocker
Fortinet: W32/Zbot.TDLZ!tr
AVG: Win32:Crypt-REG [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Agent.BDFZ?

Trojan.Agent.BDFZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

The restart matters: code this sample injected into other processes (see the process-hollowing and inter-process injection signatures above) only disappears once those processes are gone. Because the sample also tampers with proxy settings, confirm after the reboot that the browser reset actually took effect: in Internet Options, or under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (the ProxyEnable, ProxyServer and AutoConfigURL values), make sure no proxy server or PAC script you did not configure yourself is still set, then run a second scan.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
