Categories: RansomTrojan

About “Trojan-Ransom.Win32.Agent.azfs” infection

The Trojan-Ransom.Win32.Agent.azfs is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan-Ransom.Win32.Agent.azfs virus can do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Performs some HTTP requests
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

redirector.gvt1.com
r1—sn-4g5e6ne6.gvt1.com

How to determine Trojan-Ransom.Win32.Agent.azfs?



File Info:

crc32: F0D0A4A6md5: 3e05cdc35f300de783fcb3dcd71e4970name: 3E05CDC35F300DE783FCB3DCD71E4970.mlwsha1: abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52esha256: adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8sha512: fff156d64fcd720d2d27b3e53dccb9fb817775b11b04eae44e41bb266112f3655ced03ef3e6037748155bdd02b6d749eda778e92eb66a9362546513c48ce4775ssdeep: 98304:ocHxAWpnC6vMjoGDn8d1LqiYErL63aTrmOjaL8SIOv9r:TiWpogdVg9ltype: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Microsoft Corporation.All rights reserved.FileVersion: 10.0.18362.1CompanyName: Microsoft CorpComments: Service Host, or SvcHost is a system process that can host from one to many Windows services in the Windows NT family of operating systems. Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. This program is important for the stable and secure running of your computer and should not be terminated.ProductName: Microsoft Windows Operating SystemProductVersion: 10.0.18362.1FileDescription: Microsoft Windows Operating SystemTranslation: 0x0804 0x04b0

Trojan-Ransom.Win32.Agent.azfs also known as:

Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.35873483
McAfee Artemis!3E05CDC35F30
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.35873483
K7GW Trojan ( 0055bc761 )
K7AntiVirus Trojan ( 0055bc761 )
Arcabit Trojan.Generic.D22362CB
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan-Ransom.Win32.Agent.azfs
Alibaba Ransom:Win32/Themida.5fe16e20
AegisLab Trojan.Win32.Agent.j!c
Ad-Aware Trojan.GenericKD.35873483
Emsisoft Trojan.GenericKD.35873483 (B)
Comodo TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb Trojan.Packed.193
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.3e05cdc35f300de7
Sophos Mal/Generic-S
Ikarus Trojan.Kasidet
MAX malware (ai score=100)
Kingsoft Win32.Troj.Generic.a.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Microsoft Trojan:Win32/CryptInject!ml
ZoneAlarm Trojan-Ransom.Win32.Agent.azfs
GData Win32.Trojan.Agent.P32KUK
Cynet Malicious (score: 100)
ALYac Trojan.Ransom.Filecoder
TACHYON Ransom/W32.16x.4633408
VBA32 TScope.Malware-Cryptor.SB
Malwarebytes Trojan.MalPack.Themida
ESET-NOD32 a variant of Win32/Packed.Themida.HFL
eGambit PE.Heur.InvalidSig
Fortinet W32/PossibleThreat
BitDefenderTheta Gen:NN.ZexaF.34700.@x2@a4Slskab
AVG Win32:Trojan-gen
Cybereason malicious.e7bc93
Paloalto generic.ml
Qihoo-360 Trojan.Generic

How to remove Trojan-Ransom.Win32.Agent.azfs?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: r1---sn-4g5e6ne6.gvt1.comredirector.gvt1.comTrojan-Ransom.Win32.Agent.azfs
3 years ago

Recent Posts

Malware.AI.1560801952 malicious file

The Malware.AI.1560801952 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Malware.AI.3778280684 removal tips

The Malware.AI.3778280684 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Should I remove “Jalapeno.777”?

The Jalapeno.777 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

MSIL/Kryptik.ALMH (file analysis)

The MSIL/Kryptik.ALMH is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Should I remove “Trojan.Win32.Agent.xbmkrx”?

The Trojan.Win32.Agent.xbmkrx is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Tedy.179306 removal guide

The Tedy.179306 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago