Trojan

Trojan.Agent.DZGZ removal instruction

Malware Removal

The Trojan.Agent.DZGZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Agent.DZGZ virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Ursnif3 malware family

How to determine Trojan.Agent.DZGZ?



File Info:

name: 99707768C66732685DD1.mlw
path: /opt/CAPEv2/storage/binaries/cefbf79b87e378f51631e5d9ca8d4e06f36db5ca08e5512911f417bae5356566
crc32: E162018E
md5: 99707768c66732685dd1ebf7915f5745
sha1: f7a75d060cfab7b8bb411a79d0c7adb6fec0094f
sha256: cefbf79b87e378f51631e5d9ca8d4e06f36db5ca08e5512911f417bae5356566
sha512: e71e6f8b97dc75035f8884cdb8dfacce5ba53e81092b4c30850827d80dcfece4748370c507e4999d7faa1abe984b53586a8b5d3d2d8dbc92afc575c57328427b
ssdeep: 6144:Fcr6ahLPMadurYLWpT+5z8dWQugWkzCpJNjuwDdHrGlHyYofynqRxlErwSFAA55x:yGahjFQzizpQugWb5HZyhVkyqRma
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T147E4E7336E919C6CE4AACEF40AAA51655C69EE50BF3080CB258031DA45FD9D07B3DED3
sha3_384: 59f5c814771bb016912bbaff8c22a164c2ccfcedde280fd694280443ad33ea81bfbd595850cd34097d76b1955ec4775a
ep_bytes: 558bece858fdffff5dc3cccccccccccc
timestamp: 2016-06-24 11:04:34


Version Info:

CompanyName: Elemental Technologies Mademultiply
FileDescription: Fingerpossible Suggestearth
FileVersion: 8.4.69.46 Lateteam
InternalName: devenv.exe
LegalCopyright: © Elemental Technologies Mademultiply.All rights reserved.
OriginalFilename: bac.exe
ProductName: Fingerpossible Suggestearth
ProductVersion: 8.4.69.46
Translation: 0x0409 0x04b0

Trojan.Agent.DZGZ also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.Agent.DZGZ
FireEyeGeneric.mg.99707768c6673268
ALYacTrojan.Agent.DZGZ
CylanceUnsafe
VIPRETrojan.Agent.DZGZ
K7AntiVirusTrojan ( 00550d111 )
AlibabaTrojan:Win32/Kryptik.73424b26
K7GWTrojan ( 00550d111 )
Cybereasonmalicious.8c6673
BitDefenderThetaGen:NN.ZexaF.34786.PC0@aqMNenli
VirITTrojan.Win32.Ursnif.BNV
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.GUFP
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.Agent.DZGZ
NANO-AntivirusTrojan.Win32.Ursnif.frxlxq
AvastWin32:BankerX-gen [Trj]
TencentMalware.Win32.Gencirc.10ba1806
Ad-AwareTrojan.Agent.DZGZ
TACHYONTrojan-Spy/W32.Ursnif.687616.B
EmsisoftTrojan.Agent.DZGZ (B)
DrWebTrojan.Siggen8.35377
ZillyaTrojan.Generic.Win32.896281
McAfee-GW-EditionEmotet-FLR!99707768C667
SentinelOneStatic AI – Malicious PE
Trapminemalicious.moderate.ml.score
SophosMal/EncPk-AOY
APEXMalicious
JiangminTrojanSpy.Ursnif.cki
WebrootW32.Trojan.Gen
AviraTR/AD.Ursnif.vezgg
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
GDataTrojan.Agent.DZGZ
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Ursnif.R278315
McAfeeEmotet-FLR!99707768C667
MAXmalware (ai score=86)
VBA32TrojanSpy.Ursnif
RisingTrojan.Generic@AI.91 (RDML:j+e8gmG0fHpd0ijLxQNf2A)
YandexTrojanSpy.Ursnif!OW3a7XL8I6g
IkarusTrojan.Win32.Krypt
MaxSecureTrojan.Malware.74405972.susgen
FortinetW32/GenKryptik.DXTJ!tr
AVGWin32:BankerX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_90% (W)

How to remove Trojan.Agent.DZGZ?

Trojan.Agent.DZGZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment