Trojan.Agent.BMEO removal tips

Trojan.Agent.BMEO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.BMEO virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Adds a new user to the system
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to restart the guest VM
  • Adds a new user to the Administrators group
  • Overwrites local Administrator password
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Agent.BMEO?


File Info:

name: F7A1C91C25C5544DAB18.mlw
path: /opt/CAPEv2/storage/binaries/875bb585bd8623d17f8529fbc42ebc0529cb6732366dd33f73a950eaef111b4c
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 60be007046008dbe00a0f9ff57eb0b90
timestamp: 2014-03-20 04:34:18

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
CompanyName: QQ前线
LegalCopyright: www.yijingying.com-qq前线
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Trojan.Agent.BMEO is also known as:

Elastic: malicious (moderate confidence)
CAT-QuickHeal: Trojan.Adduser.100316
Cylance: Unsafe
K7AntiVirus: Trojan ( 0007fbf81 )
K7GW: Trojan ( 0007fbf81 )
Baidu: Win32.Trojan.AddUser.a
VirIT: Backdoor.Win32.Generic.AEXM
Cyren: W32/S-6b93e35e!Eldorado
tehtris: Generic.Malware
ESET-NOD32: Win32/AddUser.V
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.AddUser.gen
BitDefender: Trojan.Agent.BMEO
NANO-Antivirus: Trojan.Win32.AddUser.ekkiua
MicroWorld-eScan: Trojan.Agent.BMEO
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.Winlock.g
Ad-Aware: Trojan.Agent.BMEO
Emsisoft: Trojan.Agent.BMEO (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.Adduser.159
Zillya: Trojan.AddUser.Win32.174
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.f7a1c91c25c5544d
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.FlyStudio
GData: Win32.Application.PUPStudio.A
Jiangmin: Trojan.AddUser.f
Avira: TR/Adduser.vmnia
Arcabit: Trojan.Agent.BMEO
ZoneAlarm: HEUR:Trojan.Win32.AddUser.gen
Microsoft: PWS:Win32/Zbot!ml
TACHYON: Trojan/W32.AddUser.561152
AhnLab-V3: Trojan/Win32.Agent.R132416
VBA32: Trojan.AddUser
ALYac: Trojan.Agent.BMEO
MAX: malware (ai score=81)
Malwarebytes: Malware.Heuristic.1003
Rising: Ransom.AddUser!1.A154 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/ADDUSER.V!tr
BitDefenderTheta: Gen:NN.ZexaCO.34742.pmKfaKrjGHhb
AVG: Win32:Malware-gen
Cybereason: malicious.c25c55

How to remove Trojan.Agent.BMEO?

Trojan.Agent.BMEO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
