Trojan-Dropper.Win32.Agent.tetzaa removal guide

The Trojan-Dropper.Win32.Agent.tetzaa is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Dropper.Win32.Agent.tetzaa virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan-Dropper.Win32.Agent.tetzaa?


File Info:
name: 3D3B1B41CAA10B779FE7.mlw
path: /opt/CAPEv2/storage/binaries/c6e1e2a684a5c38d71d50b70ab41029168c670f298310db40c5857def4c0d4be
crc32: EEA5BD10
md5: 3d3b1b41caa10b779fe76bbe005c59a3
sha1: 602d598896aeb0b7654641ba706f09a54ca4b0a5
sha256: c6e1e2a684a5c38d71d50b70ab41029168c670f298310db40c5857def4c0d4be
sha512: 76bd693a3f1f00241f88c402f7e4d83a3af6d81d546deee35656b41368baf36cf3737b69ed806744d76a681ec7dc7d6c4801ddf5f97cdec5c48a08fe72d25cb1
ssdeep: 196608:91ObvGgNp6T57cA3fHjfIWeShXp+sK9Ypy:3OKr57JHbIWeSBpLpy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB5633067AD142BBD0B14D3A8EAFB7D0C258D65D0A646D33BB86412B1FFC9C9D46B309
sha3_384: 7a78dab25582e351937c9ee4bbe2bb3142e4763a381304c5c7c37a0cadc85b224b105036c186b2b8b931cbe3566f1ebd
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:
CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

Trojan-Dropper.Win32.Agent.tetzaa also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop19.27495
MicroWorld-eScan	Gen:Variant.Jaik.48175
FireEye	Gen:Variant.Jaik.48175
ALYac	Gen:Variant.Jaik.48175
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.tetzaa
K7AntiVirus	Adware ( 005693e61 )
BitDefender	Gen:Variant.Jaik.48175
K7GW	Adware ( 005693e61 )
BitDefenderTheta	Gen:NN.ZexaF.34182.@NW@aepRqRp
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Adware.Neoreklami.LP
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-Dropper.Win32.Agent.tetzaa
Alibaba	AdWare:Win32/Neoreklami.e3a71f63
Tencent	Win32.Trojan-dropper.Agent.Lkxv
Sophos	Generic PUA GA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.PUP.vc
Emsisoft	Gen:Variant.Jaik.48175 (B)
Avira	HEUR/AGEN.1140578
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASMalwS.351D7F2
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
ZoneAlarm	Trojan-Dropper.Win32.Agent.tetzaa
GData	Gen:Variant.Jaik.48175
Cynet	Malicious (score: 100)
McAfee	Artemis!3D3B1B41CAA1
Malwarebytes	Adware.Neoreklami
Rising	Malware.Heuristic!ET#80% (RDMK:cmRtazpIRRglSHVICvP1Maj5yM0K)
Ikarus	PUA.Neoreklami
Fortinet	Adware/Neoreklami
AVG	Win32:Adware-gen [Adw]
Avast	Win32:Adware-gen [Adw]

How to remove Trojan-Dropper.Win32.Agent.tetzaa?

Trojan-Dropper.Win32.Agent.tetzaa removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X