Trojan.Win32.Agent.pqks removal instructions

Trojan.Win32.Agent.pqks is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.pqks virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan.Win32.Agent.pqks?


File Info:

name: 1E5B40B81EB0CAA33E21.mlw
path: /opt/CAPEv2/storage/binaries/54907c58a3f61b2620d9c2528314fe2dd60f4030bc97869ba06f351995730563
crc32: F585A95B
md5: 1e5b40b81eb0caa33e21cc126dea794d
sha1: 1232c9ba796a716235b06958bfc9016260a01239
sha256: 54907c58a3f61b2620d9c2528314fe2dd60f4030bc97869ba06f351995730563
sha512: b27df49f619d147be202b762ab3267819aa2d75d702216b3ea88f5b00be1bb7e1adf725a4697ba2b9125f650f884278947e7e27cfac35f0a6e4292547d3ec974
ssdeep: 1536:rnHVpNXZgzKQe9Tie7sZwHRz5PgknOJE4U3mJsWKNpSpH:bHTMCwe7Qwxz9gskE4UWJuSpH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B243E002738620ADE163BEB42EF5C30315B329A35D175664CABC7707AE319AF9B201DD
sha3_384: 9e1e8cc36745a8e3742c06538e66d3c1e84beec3b378d3712329a664c22ac52537237104923d9475c4ad6373289ccbd1
ep_bytes: 60be001041008dbe0000ffff5783cdff
timestamp: 2011-10-29 17:40:20

Version Info:

CompanyName: LIqFldual
FileDescription: eCJTEM
FileVersion: 0,0,2,5
InternalName: QXJouShWMBE
LegalCopyright: © RBsaHOHYtAO 2003-2011. All rights reserved.
OriginalFilename: iNpCNl.exe
ProductName: RPWLcMN
ProductVersion: 0,0,2,5
Translation: 0x0409 0x04e4

Trojan.Win32.Agent.pqks also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Qbot.lF20
Elastic: malicious (moderate confidence)
FireEye: Generic.mg.1e5b40b81eb0caa3
McAfee: GenericRXAA-FA!1E5B40B81EB0
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.233225
K7AntiVirus: Password-Stealer ( 002ea6251 )
Alibaba: VirTool:Win32/Obfuscator.189bf4db
K7GW: Trojan ( 002ea6251 )
Cybereason: malicious.81eb0c
Cyren: W32/Zbot.CP.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.KFO
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agent.pqks
BitDefender: Gen:Heur.ManBat.1
NANO-Antivirus: Trojan.Win32.Agent.ecbsaf
SUPERAntiSpyware: Trojan.Agent/Gen-Tataner
MicroWorld-eScan: Gen:Heur.ManBat.1
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Agent.Uwhl
Ad-Aware: Gen:Heur.ManBat.1
Emsisoft: Gen:Heur.ManBat.1 (B)
Comodo: TrojWare.Win32.Agent.pqks@4o4zsl
F-Secure: Trojan.TR/Spy.Zbot.25688
DrWeb: Trojan.Siggen3.21693
VIPRE: Gen:Heur.ManBat.1
TrendMicro: TROJ_KRYPTK.SMQG
McAfee-GW-Edition: BehavesLike.Win32.Dropper.qc
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A + Troj/PWS-BUK
Ikarus: Trojan-PWS.Win32.Qbot
GData: Gen:Heur.ManBat.1
Jiangmin: Trojan/Agent.fauu
Webroot: W32.Trojan.Gen
Avira: TR/Spy.Zbot.25688
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2D
Arcabit: Trojan.ManBat.1
Microsoft: Trojan:Win32/Sisproc
Google: Detected
AhnLab-V3: Trojan/Win32.Qbot.R17055
VBA32: Trojan.Agent
ALYac: Gen:Heur.ManBat.1
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: TROJ_KRYPTK.SMQG
Rising: Trojan.Injector!8.C4 (TFE:5:cqagCTQzVpE)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Crypt.AAAH!tr
BitDefenderTheta: Gen:NN.ZexaF.34682.dmKfaiRKIzai
AVG: Win32:Evo-gen [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Agent.pqks?

Trojan.Win32.Agent.pqks removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
