Categories: Trojan

How to remove “Trojan.Win32.Agent.pef”?

The Trojan.Win32.Agent.pef is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Agent.pef virus can do?

Executable code extraction
Creates RWX memory
Mimics the system’s user agent string for its own requests
Expresses interest in specific running processes
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Deletes its original binary from disk
Attempts to remove evidence of file being downloaded from the Internet
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself
Created a service that was not started

How to determine Trojan.Win32.Agent.pef?


File Info:
crc32: 3A4CF209md5: 8db38c7f70214ee08e166cde8b9163c6name: 24v18773.exesha1: e4c7cefcf2dcac80a8a555b73a07605b93a5447csha256: 724dd5dad3c8c253663db43557712ac030b8228f9602030ff21ec61a5f9cb198sha512: 3579743c874e004c037dd4af3405ef6c588d46fc53dcb21100838c92b930be422add87deac284b1ead4d13ac94f45c78bf133c31d6edf6840cdfe673f5c7c203ssdeep: 6144:uynlP9ICFZAgfJhRCJUoF/XGm0FPrNB6VbdcGHQK0ZjUGjts1eYIGuP:uyl+mTySo52RtBiKGHMiG6UY8type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: National Prayer Breakfast as he held up newspapers blaring enormousInternalName: Portions of his unpublished book manuscriptFileVersion: 1.0.0.1CompanyName: Former national security adviser John BoltonProductName: Trump's acquittal and hasProductVersion: 1.0.0.1FileDescription: hrough his legal team Bolton suggestedOriginalFilename: He refused to testify before the Democrat-controlledTranslation: 0x0409 0x04e4

Trojan.Win32.Agent.pef also known as:

MicroWorld-eScan	Trojan.GenericKD.42356890
FireEye	Trojan.GenericKD.42356890
ALYac	Trojan.Agent.Emotet
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Multi.Generic.4!c
K7AntiVirus	Trojan ( 0056028d1 )
BitDefender	Trojan.GenericKD.42356890
K7GW	Trojan ( 0056028d1 )
TrendMicro	TrojanSpy.Win32.EMOTET.THBAABO
BitDefenderTheta	Gen:NN.ZexaF.34090.EmLfaOBoG0ei
F-Prot	W32/Emotet.AHC.gen!Eldorado
Symantec	Trojan Horse
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.SML.hp
Avast	Win32:BankerX-gen [Trj]
ClamAV	Win.Packed.Emotet-7580192-0
GData	Trojan.GenericKD.42356890
Kaspersky	HEUR:Trojan.Win32.Agent.pef
Alibaba	Trojan:Win32/Emotet.9a86fa46
NANO-Antivirus	Trojan.Win32.Kryptik.gzokcu
ViRobot	Trojan.Win32.Emotet.491739
Tencent	Win32.Trojan-banker.Emotet.Eerj
Ad-Aware	Trojan.GenericKD.42356890
Sophos	Mal/Encpk-APH
Comodo	Malware@#59vv361p1dqg
F-Secure	Trojan.TR/AD.Emotet.rfuqv
DrWeb	Trojan.DownLoader32.61292
McAfee-GW-Edition	BehavesLike.Win32.Dropper.gh
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKD.42356890 (B)
APEX	Malicious
Cyren	W32/Trojan.QCTL-4926
Jiangmin	Trojan.Banker.Emotet.nig
MaxSecure	Trojan.Malware.11417434.susgen
Avira	TR/AD.Emotet.rfuqv
Endgame	malicious (moderate confidence)
Arcabit	Trojan.Generic.D286509A
SUPERAntiSpyware	Trojan.Agent/Gen-Emotet
ZoneAlarm	HEUR:Trojan.Win32.Agent.pef
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
AhnLab-V3	Trojan/Win32.Emotet.C3980902
McAfee	GenericRXAA-AA!8DB38C7F7021
MAX	malware (ai score=88)
Malwarebytes	Trojan.Emotet
Panda	Trj/Emotet.A
ESET-NOD32	Win32/Emotet.CD
Rising	Trojan.Kryptik!8.8 (CLOUD)
Ikarus	Trojan-Banker.Emotet
Fortinet	W32/Emotet.JKTT!tr
Webroot	W32.Trojan.Emotet
AVG	Win32:BankerX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)