Trojan-Dropper.Win32.Agent.tettvg removal instructions

The Trojan-Dropper.Win32.Agent.tettvg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Dropper.Win32.Agent.tettvg virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Exhibits possible ransomware file modification behavior
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Dropper.Win32.Agent.tettvg?

File Info:

name: 56D3789584B2884F7F0E.mlw
path: /opt/CAPEv2/storage/binaries/b4fd0af7b30b7d7a9822a9c82d9677292ab1d6049426920977abc29a360df5a7
crc32: 39ED67EB
md5: 56d3789584b2884f7f0ee156b8d0ab74
sha1: e76f8cc2ae5ea147b340d10b5c6f8cc079672687
sha256: b4fd0af7b30b7d7a9822a9c82d9677292ab1d6049426920977abc29a360df5a7
sha512: 819ad51261d71b00f19cf2cd44ee4930e51fb1e4122838c1ca01b8fb3e797999e4e9423cdd524dad4762dfffd02e94d9d34484fc472f45b2de4d5ee527ae06b4
ssdeep: 196608:9+gqLKB2pHctsSzFVxoROo+aQTiNNpQLoRZSg:9+jOB2p8tVzvQlQ2NTr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC66E130768BC52BD5A605B15A3CDB9F51687FB60F7290D7A3E42E6E05B48C31232E27
sha3_384: 273902dfe69348722688775d8f5894a54f29b4a5658053165a4a695aad46e3305463aa3d052ba0baa546a5e846e42ffb
ep_bytes: e86c060000e97afeffffcccccccccc51
timestamp: 2021-07-27 13:39:02

Version Info:

CompanyName: Dynamic Applications
FileDescription: DUIForms Builder Installer
FileVersion: 3.0.0.5
InternalName: DUIFormsBuilder
LegalCopyright: Copyright (C) 2021 Dynamic Applications
OriginalFileName: DUIFormsBuilder.exe
ProductName: DUIForms Builder
ProductVersion: 3.0.0.5
Translation: 0x0409 0x04b0

Trojan-Dropper.Win32.Agent.tettvg also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.b!c
DrWeb: Trojan.Packed2.43705
MicroWorld-eScan: Trojan.GenericKD.47496068
FireEye: Trojan.GenericKD.47496068
McAfee: Artemis!56D3789584B2
K7AntiVirus: Trojan ( 0056e5201 )
Alibaba: TrojanDropper:Win32/DangerousSig.a0e83d1a
K7GW: Trojan ( 0056e5201 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_GEN.R002C0WKT21
Paloalto: generic.ml
Kaspersky: Trojan-Dropper.Win32.Agent.tettvg
BitDefender: Trojan.GenericKD.47496068
Avast: Win32:DangerousSig [Trj]
Tencent: Win32.Trojan-dropper.Agent.Sxyh
Ad-Aware: Trojan.GenericKD.47496068
Emsisoft: Trojan.GenericKD.47496068 (B)
TrendMicro: TROJ_GEN.R002C0WKT21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
Ikarus: Trojan-Spy.Win32.CoinStealer
GData: Trojan.GenericKD.47496068
Webroot: W32.Trojan.GenKD
Avira: TR/Agent.yegwk
MAX: malware (ai score=81)
Kingsoft: Win32.Troj.Agent.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Tnega!ml
Cynet: Malicious (score: 99)
VBA32: TrojanDropper.Agent
ALYac: Trojan.GenericKD.47496068
Yandex: TrojanSpy.Stealer!vfbiB48MZEM
Fortinet: W32/NDAoF
AVG: Win32:DangerousSig [Trj]
Panda: Trj/CI.A

How to remove Trojan-Dropper.Win32.Agent.tettvg?

Trojan-Dropper.Win32.Agent.tettvg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
