Trojan.Delf.Agent.AD removal

Trojan.Delf.Agent.AD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Delf.Agent.AD virus do?

  • Executable code extraction
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan.Delf.Agent.AD?

File Info:

crc32: 27E1A912
md5: 01a8769b1316916d9cc154b7ab817d27
name: 01A8769B1316916D9CC154B7AB817D27.mlw
sha1: 35cc728a76f5a32424453d2580f7079c9d7d6ca4
sha256: 745ebc8795795aeb8eb6df4eef960dd7935a6f89c641d4548fd8f461efb8f194
sha512: 4b81ab6ef805eeeac60e9d2b4bb10d391e06d76fa3bc089f325c6659ad3ff8c9d8c21ae74cf09be58da8c46c2cfaf4cc0e4d3f73404645ed670f572b21ba01fc
ssdeep: 1536:W7itn5jsqd1NvCYqBQFyBQx2BA1xBozsvI4Q5g:35jsqRqEUBQxAA17o4Dn
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Trojan.Delf.Agent.AD also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Virus ( 005663e11 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Qqpass.9750
Cynet: Malicious (score: 100)
CAT-QuickHeal: TrojanDownloader.Geral.i8
ALYac: Trojan.Delf.Agent.AD
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Worm:Win32/Startpage.6c532e9f
K7GW: Virus ( 005663e11 )
Cybereason: malicious.b13169
Baidu: Win32.Worm.FakeFolder.b
Cyren: W32/Autorun.VLJX-7783
Symantec: Trojan.KillAV
ESET-NOD32: Win32/AutoRun.Delf.HK
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Legacy.Trojan.Agent-1388589
Kaspersky: Trojan.Win32.Agentb.adww
BitDefender: Trojan.Delf.Agent.AD
NANO-Antivirus: Trojan.Win32.AutoRun.cmdgvn
ViRobot: Worm.Win32.Autorun.75776.B
MicroWorld-eScan: Trojan.Delf.Agent.AD
Tencent: Trojan.Win32.FakeFolder.pb
Ad-Aware: Trojan.Delf.Agent.AD
Sophos: ML/PE-A + Troj/PWS-BJM
Comodo: Worm.Win32.Pronny.BL@4pn6lp
BitDefenderTheta: AI:Packer.AC68D8241D
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: WORM_OTORUN.WCB
FireEye: Generic.mg.01a8769b1316916d
Emsisoft: Trojan.Delf.Agent.AD (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm/AutoRun.acab
Webroot: W32.Trojan.Agent.Gen
Avira: TR/AD.Turkojan.ikyxr
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.30D3B78
Kingsoft: Worm.AutoRun.(kcloud)
Microsoft: Trojan:Win32/Startpage
Gridinsoft: Trojan.Win32.Gen.se!i
Arcabit: Trojan.Delf.Agent.AD
GData: Trojan.Delf.Agent.AD
TACHYON: Worm/W32.DP-AutoRun.301056
AhnLab-V3: HEUR/Fakon.mwf.X1381
Acronis: suspicious
McAfee: W32/Autorun.worm.bx
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Yspy
Malwarebytes: Spyware.PasswordStealer
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_OTORUN.WCB
Rising: Worm.Win32.FakeFolder.c (CLASSIC)
Yandex: Trojan.GenAsa!cFX0fiKdTsE
Ikarus: Trojan.Win32.HideProc
MaxSecure: Trojan.Malware.1501731.susgen
Fortinet: W32/Autorun.BGT!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan.Delf.Agent.AD?

Trojan.Delf.Agent.AD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
