Trojan.Agent.BONA removal

Trojan.Agent.BONA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.BONA virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Kyrgyz
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Deletes its original binary from disk
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:


How to identify Trojan.Agent.BONA?


File Info:

crc32: 344D2716
md5: 10f837317c1e4b66cd92cc1e16478582
name: 10F837317C1E4B66CD92CC1E16478582.mlw
sha1: df909614160e4203b3cc8d9b3619f4d3ef727c82
sha256: cc01a88774b7b128d191139b25697a8de6bc5068b9e0b800a5c78d7e07368aaf
sha512: 9395669506059e9f596c255e32f5495cb1d6687b298f182547c5829cf0b78db0bdbfdf9862b0b02064fdbd7273b1383303b5bb0a447ca8241495e17cd9168020
ssdeep: 6144:WlshE465U6aWySfI0Fobkw3nBB8t8u/rmKT9ZkLllg:vq4MBhyCKPv81+Lll
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Carnal (C) 2018
InternalName: Coastlands
FileDescription: Cleric
OriginalFilename: Characterises.exe
CompanyName: Davis Instuments Corp.

Trojan.Agent.BONA also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Riskware ( 0040eff71 )
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.AVKill.59428
Cynet: Malicious (score: 100)
ALYac: Trojan.Agent.BONA
Cylance: Unsafe
Zillya: Trojan.FakeAV.Win32.319771
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.17c1e4
Symantec: Ransom.TeslaCrypt
ESET-NOD32: Win32/Filecoder.TeslaCrypt.I
APEX: Malicious
Avast: Win32:TeslaCrypt-DJ [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BONA
NANO-Antivirus: Trojan.Win32.AVKill.dyxvot
ViRobot: Trojan.Win32.TeslaCrypt.Gen.B
MicroWorld-eScan: Trojan.Agent.BONA
Tencent: Malware.Win32.Gencirc.10c5578c
Ad-Aware: Trojan.Agent.BONA
Sophos: ML/PE-A + Mal/Ransom-DP
BitDefenderTheta: Gen:NN.ZexaF.34170.tq0@aOW4U8nG
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPTESLA.SM
McAfee-GW-Edition: BehavesLike.Win32.SuspiciousFake.fh
FireEye: Generic.mg.10f837317c1e4b66
Emsisoft: Trojan.Agent.BONA (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1123567
Antiy-AVL: Trojan/Generic.ASMalwS.15BA148
Microsoft: VirTool:Win32/CeeInject.gen!E
Arcabit: Trojan.Agent.BONA
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
GData: Trojan.Agent.BONA
AhnLab-V3: Trojan/Win32.Teslacrypt.R174710
Acronis: suspicious
McAfee: GenericR-FFB!10F837317C1E
MAX: malware (ai score=84)
VBA32: Trojan.Yakes
Panda: Trj/Cryptodefense.A
TrendMicro-HouseCall: Ransom_CRYPTESLA.SM
Rising: Trojan.Agent!1.A322 (CLASSIC)
Yandex: Trojan.Yakes!k0ErcLZEPcA
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/TeslaCrypt.I!tr
AVG: Win32:TeslaCrypt-DJ [Trj]
Paloalto: generic.ml

How to remove Trojan.Agent.BONA?

Trojan.Agent.BONA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
