Trojan.Win32.Agent.nevlui removal guide

Many security experts consider Trojan.Win32.Agent.nevlui dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.nevlui virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.Win32.Agent.nevlui?


File Info:

name: 878330A01F6B764058EE.mlw
path: /opt/CAPEv2/storage/binaries/787c4712fb041e530c117f7551eb41222c38b8ada79d2be18bd903c005f61f60
crc32: C19C2D4C
md5: 878330a01f6b764058ee7a0bb81655cc
sha1: 6b5fa22b33c0cd8bcc0acd4b268621844aa56aca
sha256: 787c4712fb041e530c117f7551eb41222c38b8ada79d2be18bd903c005f61f60
sha512: 668cee23c981219cf212384306696fceb2362752aa31270dc64387a954a190d81d1b06e553d5bc8932e87e4cf67066e8c746cf18732714f6784efe24246c5bbf
ssdeep: 49152:4IxzLHIIaGZ+EJTkQiona22xxa5+lSW6OkG3V4LUuWKkAZTw:OIaW+YTkQiona22bplSW6wl4YuWKkAFw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C3759E303AA1D4B6C23B3631969D92BAB7B9D5304D35064766E18E3C6F34683993C36F
sha3_384: be9368b0f8cc9f13b205def6e63f4592bc4ed72fbb3f58372ac16522799e821c7c5d08e8f86e7de3e8fa7121b2a48708
ep_bytes: e8076c0000e989feffff3b0d80855600
timestamp: 2014-09-26 08:16:55

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Media Player
FileVersion: 12.0.7601.18150 (win7sp1_gdr.130509-1534)
InternalName: wmplayer.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: wmplayer.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 12.0.7601.18150
Translation: 0x0409 0x04b0

Trojan.Win32.Agent.nevlui also known as:

AVG: Win32:Malware-gen
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Mikey.102024
FireEye: Gen:Variant.Mikey.102024
ALYac: Gen:Variant.Mikey.102024
Cylance: Unsafe
VIPRE: Gen:Variant.Mikey.102024
K7AntiVirus: Trojan ( 0012e7911 )
K7GW: Trojan ( 0012e7911 )
CrowdStrike: win/malicious_confidence_90% (W)
VirIT: Trojan.Win32.Agent5.DIF
Cyren: W32/Agent.EVV.gen!Eldorado
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: Win32/Agent.RLQ
Cynet: Malicious (score: 99)
APEX: Malicious
Kaspersky: Trojan.Win32.Agent.nevlui
BitDefender: Gen:Variant.Mikey.102024
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10d09e78
Ad-Aware: Gen:Variant.Mikey.102024
DrWeb: Trojan.MulDrop7.45234
Zillya: Trojan.Agent.Win32.500771
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Emsisoft: Gen:Variant.Mikey.102024 (B)
GData: Gen:Variant.Mikey.102024
Jiangmin: TrojanDropper.Dapato.aaks
Avira: HEUR/AGEN.1243166
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.3C54
Arcabit: Trojan.Mikey.D18E88
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Agent.R507578
McAfee: GenericR-CYA!878330A01F6B
TACHYON: Trojan/W32.Agent.1588224.O
Malwarebytes: Malware.AI.4005879177
Rising: Backdoor.Miniduke!8.4821 (TFE:5:dlTEAVhu6dL)
Yandex: Trojan.Agent!3N8LoGNPzKQ
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.12026031.susgen
Fortinet: W32/Agent.RLQ!tr
Cybereason: malicious.01f6b7
Panda: Trj/GdSda.A

How to remove Trojan.Win32.Agent.nevlui?

Trojan.Win32.Agent.nevlui removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
