
Trojan.Agent.FPHE removal tips


Trojan.Agent.FPHE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.FPHE virus do?

  • Presents an Authenticode digital signature
  • Possible date expiration check, exits too soon after checking local time
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan.Agent.FPHE?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 2016
InternalName: 1.exe
FileVersion: 1.0.0.1
CompanyName: -
ProductName: -
ProductVersion: 1.0.0.1
FileDescription: -
OriginalFilename: 1.exe
Translation: 0x0412 0x04b0

Trojan.Agent.FPHE also known as:

K7AntiVirus: Trojan ( 0052f0ed1 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
Cylance: Unsafe
Zillya: Dropper.AgentCRTD.Win32.12028
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (W)
K7GW: Trojan ( 0052f0ed1 )
Cyren: W32/LockScreen.Q.gen!Eldorado
Symantec: PUA.Ransom
ESET-NOD32: a variant of Win32/LockScreen.BQP
APEX: Malicious
Avast: Win32:TrojanX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Khalesi.pef
BitDefender: Trojan.Agent.FPHE
MicroWorld-eScan: Trojan.Agent.FPHE
Tencent: Win32.Trojan.Lockscreen.Agbg
Ad-Aware: Trojan.Agent.FPHE
Sophos: Mal/Generic-S
TrendMicro: Ransom_LockScreen.R002C0CK321
McAfee-GW-Edition: GenericRXJJ-FC!25042BDE0881
FireEye: Trojan.Agent.FPHE
Emsisoft: Trojan.LockScreen (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Script.aizr
Avira: HEUR/AGEN.1100699
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.34C6F17
Microsoft: Ransom:Win32/LockScreen.LK!MTB
Arcabit: Trojan.Agent.FPHE
GData: Trojan.Agent.FPHE
McAfee: GenericRXAA-AA!74589DCCC3C9
MAX: malware (ai score=85)
VBA32: Trojan.Convagent
Malwarebytes: Malware.AI.3842619117
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_LockScreen.R002C0CK321
Rising: Trojan.LockScreen!1.B39F (CLASSIC)
Ikarus: Trojan.RansomKD
Fortinet: W32/LockScreen.BPL!tr
AVG: Win32:TrojanX-gen [Trj]

How to remove Trojan.Agent.FPHE?

Trojan.Agent.FPHE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
