How to remove “Trojan-Downloader.Win64.Farfli.fa”?

The Trojan-Downloader.Win64.Farfli.fa is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Downloader.Win64.Farfli.fa virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (1 unique times)
Dynamic (imported) function loading detected
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Trojan-Downloader.Win64.Farfli.fa?


File Info:
name: 672478D68E3FE1702932.mlw
path: /opt/CAPEv2/storage/binaries/d9a276b79c449fa4720853866e14447e2155e4293d15908fd93b696a6d3a5338
crc32: 1DF4FB57
md5: 672478d68e3fe170293226e64ffe1d42
sha1: 1c9c8871cf6d7c43a0f551caf9454fa292c0fad1
sha256: d9a276b79c449fa4720853866e14447e2155e4293d15908fd93b696a6d3a5338
sha512: 97d10e00c890f5165956e60e25e31a3c93437f88d0e01237facc01d44544323da3ea8078642da8c205c879f167a7237e9170c5293ff28d4ed281f72a3f3aa6db
ssdeep: 1536:i5zh8OKwuTqR80Hw7AfWz9ykYhlgh3ETH/aSxnDJ2W:idtuTA80HJfkypOdETH/aSxDJ2W
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1AC634C0BF3A045FAD4A24276CCF24A11EB72F41A9739435D53EC476E1F632939A29372
sha3_384: e9bf227dcf9be287146d9af681778245386e2e63d0e5aac6403a0bd7a57c8626b43a52a76cd993f90f1c84156315c2f6
ep_bytes: 4883ec28e8e72d00004883c428e976fe
timestamp: 2021-11-26 13:57:10

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133
FileVersion: 14.29.30133.0
InternalName: setup
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename: VC_redist.x86.exe
ProductName: Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133
ProductVersion: 14.29.30133.0
Translation: 0x0409 0x04e4

Trojan-Downloader.Win64.Farfli.fa also known as:

Lionic	Trojan.Win64.Farfli.a!c
MicroWorld-eScan	Trojan.GenericKD.47512171
FireEye	Trojan.GenericKD.47512171
McAfee	Artemis!672478D68E3F
K7AntiVirus	Trojan-Downloader ( 0058a0ee1 )
K7GW	Trojan-Downloader ( 0058a0ee1 )
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win64/TrojanDownloader.Agent.ML
TrendMicro-HouseCall	TROJ_GEN.R002H0DKS21
Kaspersky	Trojan-Downloader.Win64.Farfli.fa
BitDefender	Trojan.GenericKD.47512171
Avast	FileRepMalware
Tencent	Win64.Trojan-downloader.Agent.Wncm
Ad-Aware	Trojan.GenericKD.47512171
Emsisoft	Trojan.GenericKD.47512171 (B)
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Win64.Agent
GData	Trojan.GenericKD.47512171
Gridinsoft	Ransom.Win64.Sabsik.sa
Arcabit	Trojan.Generic.D2D4FA6B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
VBA32	TrojanDownloader.Win64.Farfli
ALYac	Trojan.GenericKD.47512171
MAX	malware (ai score=89)
Cylance	Unsafe
Rising	Downloader.Agent!1.D154 (CLASSIC)
Fortinet	W32/Malicious_Behavior.VEX
AVG	FileRepMalware
Panda	Trj/CI.A

How to remove Trojan-Downloader.Win64.Farfli.fa?

Trojan-Downloader.Win64.Farfli.fa removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X