Trojan.AgentRI.S28979275 removal

Trojan.AgentRI.S28979275 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.AgentRI.S28979275 virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.AgentRI.S28979275?


File Info:

name: 515B1CD7F17E4045B8A9.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2012-06-12 14:57:08

Version Info:

0: [No Data]

Trojan.AgentRI.S28979275 also known as:

CAT-QuickHeal: Trojan.AgentRI.S28979275
Skyhigh: Artemis
McAfee: Artemis!515B1CD7F17E
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: Unwanted-Program ( 004f7fa41 )
K7GW: Unwanted-Program ( 004f7fa41 )
ESET-NOD32: a variant of Win32/HackTool.CardTool.A potentially unsafe
APEX: Malicious
NANO-Antivirus: Trojan.Win32.CardTool.fmiaxn
Rising: Trojan.Generic@AI.96 (RDML:9ah5202Dcr04ReiyOdtXiw)
DrWeb: Trojan.DownLoader22.35950
Ikarus: PUA.HackTool.Cardtool
Antiy-AVL: GrayWare/Win32.Presenoker
VBA32: BScope.Backdoor.IRC.Bot
DeepInstinct: MALICIOUS
Yandex: Trojan.GenAsa!RQIbhxEpsMk
Fortinet: Riskware/CardTool

How to remove Trojan.AgentRI.S28979275?

Trojan.AgentRI.S28979275 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
