What is "Trojan.Agent.CUTH"?

The Trojan.Agent.CUTH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Agent.CUTH virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process created a hidden window
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Steals private information from local Internet browsers
Exhibits behavior characteristic of Pony malware
Collects information about installed applications
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan.Agent.CUTH?


File Info:
crc32: A8290A49
md5: 3a7244a24354068e0e9a2e5061685b6b
name: 3A7244A24354068E0E9A2E5061685B6B.mlw
sha1: 74db5227e9849038da7a968a36500a39a58d81c0
sha256: df0d7ac04ffabbb475bf5ecd147e8aacf8b9fcff1c647125cdc252077405e188
sha512: d6787fc059c1933201b1925b8a8cc219498015fd0f6ca8ecd15cabb5169381990f0454b26c2db964450f877b865bc289bf20ef7fba065126ffe16e48668eff74
ssdeep: 12288:ZSiBFQnG+vrRiIskCR7uCGdeIkAQDedTFO4qaXU4:/MnNrRiIsN8CGoIWDe1FeAU4
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 >
InternalName: 
FileVersion: 2
License:  
CompanyName:  <w.gn
LegalTrademarks: GN
ProductName: Flx
ProductVersion: 24a
FileDescription: or
OriginalFilename: fle
Translation: 0x0409 0x04e4

Trojan.Agent.CUTH also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005270b81 )
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Pigeon1.13646
Cynet	Malicious (score: 100)
ALYac	Trojan.Agent.CUTH
Cylance	Unsafe
Zillya	Backdoor.Androm.Win32.49355
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	TrojanPSW:Win32/Fareit.ee6b7f85
K7GW	Trojan ( 005270b81 )
Cybereason	malicious.243540
Cyren	W32/Trojan.RUTI-7110
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Injector.DVUZ
Zoner	Trojan.Win32.66303
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan-PSW.Win32.Fareit.dqvj
BitDefender	Trojan.Agent.CUTH
NANO-Antivirus	Trojan.Win32.Pigeon1.exzptk
ViRobot	Trojan.Win32.Agent.712704.K
MicroWorld-eScan	Trojan.Agent.CUTH
Tencent	Malware.Win32.Gencirc.10b3be37
Ad-Aware	Trojan.Agent.CUTH
Sophos	Mal/Generic-S + Mal/Fareit-Q
BitDefenderTheta	AI:Packer.936B438711
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_FAREIT.CBQ
McAfee-GW-Edition	BehavesLike.Win32.Fareit.jh
FireEye	Generic.mg.3a7244a24354068e
Emsisoft	Trojan.Agent.CUTH (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.PSW.Fareit.aaho
Avira	HEUR/AGEN.1114886
Antiy-AVL	Trojan/Generic.ASMalwS.247761B
Microsoft	Trojan:Win32/Fareit!ml
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
ZoneAlarm	Trojan-PSW.Win32.Fareit.dqvj
GData	Trojan.Agent.CUTH
AhnLab-V3	Suspicious/Win.Delphiless.X2094
Acronis	suspicious
McAfee	Trojan-FOTS!3A7244A24354
MAX	malware (ai score=100)
VBA32	BScope.TrojanPSW.Azorult
Malwarebytes	Trojan.MalPack
Panda	Trj/RnkBend.A
TrendMicro-HouseCall	TSPY_FAREIT.CBQ
Rising	Trojan.Injector!1.AFE3 (CLASSIC)
Yandex	Trojan.GenAsa!7/pYOWo15WM
Ikarus	Trojan.Win32.Injector
Fortinet	W32/Injector.DXRU!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml

How to remove Trojan.Agent.CUTH?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Trojan.Agent.CUTH”?