Trojan.Agent.FOMN removal tips

Trojan.Agent.FOMN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.FOMN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Transacted Hollowing
  • Anomalous binary characteristics

How to identify Trojan.Agent.FOMN?

File Info:

name: 8861CC81D72A65CFF36B.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-09-21 12:31:37

Version Info:

CompanyName: App vNext
FileDescription: PS Studio Installer
FileVersion: 2.1.3.12
InternalName: ps-studio
LegalCopyright: Copyright (C) 2021 App vNext
OriginalFileName: ps-studio.exe
ProductName: PS Studio
ProductVersion: 2.1.3.12
Translation: 0x0409 0x04b0

Trojan.Agent.FOMN also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Trojan.Agent.FOMN
FireEye: Trojan.Agent.FOMN
Arcabit: Trojan.Agent.FOMN
ESET-NOD32: multiple detections
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Trojan.Agent.FOMN
Avast: Win32:DangerousSig [Trj]
Ad-Aware: Trojan.Agent.FOMN
Emsisoft: Trojan.Agent.FOMN (B)
Avira: HEUR/AGEN.1145770
MAX: malware (ai score=86)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: Trojan.Agent.FOMN
Cynet: Malicious (score: 99)
VBA32: Trojan.Agent
ALYac: Trojan.Agent.FOMN
Yandex: Trojan.PWS.Agensla!Z+iXxMsbzZQ
Ikarus: Trojan-Spy.Win32.CoinStealer
AVG: Win32:DangerousSig [Trj]

How to remove Trojan.Agent.FOMN?

Trojan.Agent.FOMN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
