Trojan.AIT.Agent.W removal guide

Trojan.AIT.Agent.W is the detection name that BitDefender, and the engines that share its signatures, give to an AutoIt-compiled injector; nearly every major antivirus engine flags the analysed sample. While the infection is active you may notice unfamiliar processes in Task Manager, but the behaviour list below shows that it also uses process hollowing, so its payload can run under the name of a legitimate Windows executable. Do not rely on Task Manager alone; if you suspect this infection, scan the computer with GridinSoft Anti-Malware.

Removing PC viruses manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for virus removal; the trial period allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can Trojan.AIT.Agent.W do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Checks for the presence of known devices from debuggers and forensic tools
  • Creates a copy of itself
  • Anomalous binary characteristics

These are the signatures that fired during a CAPEv2 sandbox run of the sample (the storage path below is CAPEv2's). The ones that matter for cleanup are the injection, persistence and self-copy entries: process hollowing means the sample starts a legitimate program in a suspended state and replaces its memory image with the payload, so the malicious code runs under a trusted process name; the autorun entry and the copy of itself mean that killing the visible process is not enough, because the copy is relaunched at the next logon. The anti-debugger and anti-forensics checks explain why the sample may behave differently, or do nothing at all, inside an analysis VM.

How to identify Trojan.AIT.Agent.W?

The indicators below describe the single sample that was analysed. Match files by hash, not by name: the file name shown here is the sandbox's storage name (the first twenty hex digits of the md5 plus a .mlw suffix), not a name the malware uses on disk, and the sample creates a copy of itself under a name of its own choosing.
File Info:

name: 7122396C49937BF63287.mlw
path: /opt/CAPEv2/storage/binaries/eaeee6ff53aa5d7c3a85e60b59c7188f79f4fd73b5f99474e1942847fb848fe3
crc32: 26A81B55
md5: 7122396c49937bf63287f2e8b9dd47cb
sha1: e989dc46d84a1a2f8c558b5303ba2513adde13a8
sha256: eaeee6ff53aa5d7c3a85e60b59c7188f79f4fd73b5f99474e1942847fb848fe3
sha512: 3b5828802ea255c1a8631932cbd413b869117ed7f70005cfda15a20c8e0ea863515cd2b43d36ec27da84a11081e05f8caff88f3b53b5d18da0a9e49feac6376e
ssdeep: 24576:+u6Jx3O0c+JY5UZ+XC0kGso/Wayrhfq1cYDkLP1lHcTO4Rw5R2ZhgCWY:QI0c++OCvkGsUWayv2DkY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12285C092A39D81E1CE1E26B3BD1437825F3A5532063074F62FB91D5C9E630B24D1DAAF
sha3_384: 2ba31ed80bd0cb3507d155d9eaf474c16ca95f0c5f4c5861203593af94fb202e48c1ada4bb2856e3180fe84a5a1aa217
ep_bytes: e8b5d00000e97ffeffffcccccccccccc
timestamp: 2019-11-11 07:46:29
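The File Info block gives six exact digests for the sample. The script below is an added example, not from the original page or from GridinSoft; it recomputes every digest type listed above (crc32, md5, sha1, sha256, sha512, sha3_384) for a file or a whole directory and reports which of them match the known-bad values, which are copied from this page. The function names and the directory walk are my own. ssdeep and tlsh are fuzzy hashes that need third-party libraries, so they are deliberately left out.

```python
"""Hash-based IOC matching for the Trojan.AIT.Agent.W sample above.

Added example for this page; not the page's or GridinSoft's own code.
"""
import hashlib
import os
import sys
import zlib

# Digests copied from the File Info block on this page. A file whose
# digests match these is the analysed Trojan.AIT.Agent.W sample.
KNOWN_BAD = {
    "crc32": "26a81b55",
    "md5": "7122396c49937bf63287f2e8b9dd47cb",
    "sha1": "e989dc46d84a1a2f8c558b5303ba2513adde13a8",
    "sha256": "eaeee6ff53aa5d7c3a85e60b59c7188f79f4fd73b5f99474e1942847fb848fe3",
    "sha512": "3b5828802ea255c1a8631932cbd413b869117ed7f70005cfda15a20c8e0ea863"
              "515cd2b43d36ec27da84a11081e05f8caff88f3b53b5d18da0a9e49feac6376e",
    "sha3_384": "2ba31ed80bd0cb3507d155d9eaf474c16ca95f0c5f4c5861203593af94fb202e"
                "48c1ada4bb2856e3180fe84a5a1aa217",
}

HASH_NAMES = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def digest_file_bytes(data: bytes) -> dict:
    """Lower-case hex digests of an in-memory buffer, keyed like KNOWN_BAD."""
    out = {"crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"}
    for name in HASH_NAMES:
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def digest_path(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests as digest_file_bytes, computed by streaming the file."""
    crc = 0
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    out = {"crc32": f"{crc & 0xFFFFFFFF:08x}"}
    out.update({name: h.hexdigest() for name, h in hashers.items()})
    return out


def match_iocs(digests: dict, iocs: dict = KNOWN_BAD) -> list:
    """Names of the digest types that match the indicator set.

    A sha256 (or sha512/sha3_384) match is conclusive on its own; crc32 and
    md5 are short or collision-prone and should only corroborate.
    """
    return sorted(k for k, v in iocs.items() if digests.get(k) == v.lower())


def scan_directory(root: str, iocs: dict = KNOWN_BAD) -> dict:
    """Walk `root` and map every path that matches an indicator to the
    list of digest types that matched. Unreadable files are skipped."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(digest_path(path), iocs)
            except OSError:
                continue
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    # Usage: python ioc_scan.py <directory> (e.g. a user's AppData folder)
    for path, matched in scan_directory(sys.argv[1]).items():
        print(f"{path}: matched {', '.join(matched)}")
```

Run it against the directories where the sample keeps its copy (user profile, temp and startup folders are the usual candidates), and against anything quarantined, to confirm that the removed file really is this sample. Treat a match only on crc32 or md5 as a prompt to check the sha256, not as proof.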

Version Info:

FileDescription: dllhst3g
OriginalFilename: RdpSa.exe
CompanyName: colorcpl
LegalCopyright: IMJPDCT
ProductName: ActionCenterCPL
ProductVersion: 313, 219, 828, 286
Translation: 0x0000 0x04b0

These version strings do not belong together: each one looks like the name of a different, unrelated Windows component (dllhst3g, RdpSa.exe, colorcpl, IMJPDCT, ActionCenterCPL), and the product version is nonsense. Taken with the invalid Authenticode signature reported above, a resource block like this is itself a sign that the file is masquerading. Two other fields deserve caution: the compile timestamp (2019-11-11) is written by the build tool and is trivially forged, and the entry-point bytes (a call, a jump, then int3 padding) are the standard Microsoft C runtime startup stub that any MSVC-built executable, including the AutoIt interpreter, begins with, so they identify the compiler rather than the malware.

Trojan.AIT.Agent.W also known as:

Bkav: W32.AIDetect.malware1
Cynet: Malicious (score: 100)
FireEye: Generic.mg.7122396c49937bf6
McAfee: Artemis!7122396C4993
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 700000111 )
K7GW: Trojan ( 700000111 )
Cybereason: malicious.c49937
Cyren: W32/AutoIt.OW.gen!Eldorado
Symantec: Packed.Generic.548
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.Autoit.ERJ
APEX: Malicious
Kaspersky: Trojan.Script.Obit.gen
BitDefender: Trojan.AIT.Agent.W
MicroWorld-eScan: Trojan.AIT.Agent.W
Avast: AutoIt:Injector-JV [Trj]
Ad-Aware: Trojan.AIT.Agent.W
Sophos: ML/PE-A + Mal/AuItInj-A
F-Secure: Heuristic.HEUR/AGEN.1245424
DrWeb: Trojan.AutoIt.622
VIPRE: Trojan.AIT.Agent.W
TrendMicro: Backdoor.AutoIt.BLADABINDI.SMP
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.th
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.AIT.Agent.W (B)
Ikarus: Trojan.Autoit
GData: Trojan.AIT.Agent.W (2x)
Avira: HEUR/AGEN.1245424
Arcabit: Trojan.AIT.Agent.W
Microsoft: Trojan:Win32/Predator.BC!MTB
Google: Detected
AhnLab-V3: Win-Trojan/Autoinj03.Exp
ALYac: Trojan.AIT.Agent.W
MAX: malware (ai score=88)
VBA32: Trojan.Autoit.F
Malwarebytes: Spyware.PasswordStealer.AutoIt
TrendMicro-HouseCall: Backdoor.AutoIt.BLADABINDI.SMP
Rising: Trojan.Obfus/Autoit!1.BD7E (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: AutoIt/Agent.AAJ!tr
AVG: AutoIt:Injector-JV [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

The vendors agree on the wrapper (an AutoIt-compiled injector: ESET, Avast, AVG, Sophos, Cyren, Fortinet and others name AutoIt explicitly) but not on the payload: Microsoft names Predator, Trend Micro names BLADABINDI, Malwarebytes calls it a password stealer, and many engines give only a generic or machine-learning verdict. That spread is typical of a reusable AutoIt loader that is packaged around different payloads, so the wrapper's name tells you little about what the injected code does; the behaviour list above is the better guide.

How to remove Trojan.AIT.Agent.W?

Trojan.AIT.Agent.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

After the restart, run a second scan. The sample installs itself for autorun and creates a copy of itself, so a single pass that removes the running process can leave the copy and its startup entry behind, and the copy will relaunch at the next logon. Because the payload is injected into other processes, a reboot is what actually ends its execution; a scan before and after the reboot should both come back clean. Several engines classify the payload as a password stealer, so once the machine is clean, change any passwords that were saved or typed on it.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
