How to remove “Trojan.Win32.Agent.xbnvyl”?

The Trojan.Win32.Agent.xbnvyl is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Agent.xbnvyl virus can do?

Sample contains Overlay data
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan.Win32.Agent.xbnvyl?


File Info:
name: B9BF7A895E7545185A8A.mlw
path: /opt/CAPEv2/storage/binaries/40f67562fe793da07966e7a46d5f83003ebb8b0828f85259d2327636c9f6d6e9
crc32: DB5D8A74
md5: b9bf7a895e7545185a8a3efd1d13507d
sha1: 64128ef9cedcf4d2db96a2e6c8f3d1acd292b8ae
sha256: 40f67562fe793da07966e7a46d5f83003ebb8b0828f85259d2327636c9f6d6e9
sha512: 317f0bd5558faea8df8979ed880904f2eee15eafe1f17c06ebc3fb268173065f3650bffaa87cb9566521d935be98b9feb4074604fac4eecaf0c2f7644be3def2
ssdeep: 3072:KbAUogI3I05UtbY5PztjRf8/ECh6PIpwnmHexVTxoaU8VYBUXVlN:KbHoG8Ut+PJjRfn0KBoa9aBUX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10AA494929C64AF45FE16453427956EBA004E7D2F66E4422C785CFA0B337399B30AFD0B
sha3_384: b844937834b4dda79399308b74302762e691396997419b82c67e8d6714e65144758df847545d2edeb6ac1b21d7070ea6
ep_bytes: 68e4914200e8eeffffff000000000000
timestamp: 2019-01-19 13:34:56

Version Info:
CompanyName: UEFI
ProductName: Kawaii-Unicorn
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Kawaii-Unicorn
OriginalFilename: Kawaii-Unicorn.exe
Translation: 0x0804 0x04b0

Trojan.Win32.Agent.xbnvyl also known as:

Bkav	W32.AIDetectMalware
AVG	Win32:Evo-gen [Trj]
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Dacic.94CCEEA9.A.B3DE2089
FireEye	Generic.mg.b9bf7a895e754518
Skyhigh	BehavesLike.Win32.Generic.gt
McAfee	GenericRXTC-TT!B9BF7A895E75
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.VBGen.Win32.1
Sangfor	Suspicious.Win32.Save.vb
K7GW	P2PWorm ( 0054717e1 )
K7AntiVirus	P2PWorm ( 0054717e1 )
BitDefenderTheta	Gen:NN.ZevbaF.36804.Dm0@auM3n0mb
VirIT	Trojan.Win32.VBUnicorn.AA
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/VBClone.E
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Generic-9967832-0
Kaspersky	Trojan.Win32.Agent.xbnvyl
BitDefender	Generic.Dacic.94CCEEA9.A.B3DE2089
NANO-Antivirus	Trojan.Win32.VB.jownbp
SUPERAntiSpyware	Trojan.Agent/Gen-Tedy
Avast	Win32:Evo-gen [Trj]
Tencent	Trojan.Win32.VB.ha
Emsisoft	Generic.Dacic.94CCEEA9.A.B3DE2089 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.MulDrop20.3145
VIPRE	Generic.Dacic.94CCEEA9.A.B3DE2089
Sophos	Troj/VB-KCP
Ikarus	Trojan.Win32.VBClone
GData	Generic.Dacic.94CCEEA9.A.B3DE2089
Jiangmin	Trojan.VB.bmcx
Varist	W32/VB.VM.gen!Eldorado
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan/Win32.VBClone
Kingsoft	malware.kb.a.961
Arcabit	Generic.Dacic.94CCEEA9.A.B3DE2089
ZoneAlarm	Trojan.Win32.Agent.xbnvyl
Microsoft	Trojan:Win32/Fareit.VB!MTB
Google	Detected
AhnLab-V3	Trojan/Win.Fareit.R626300
VBA32	SScope.Trojan.VB
ALYac	Generic.Dacic.94CCEEA9.A.B3DE2089
TACHYON	Trojan/W32.VB-Agent.479531.B
Cylance	unsafe
Rising	Trojan.VBClone!1.B5C7 (CLASSIC)
MAX	malware (ai score=88)
Fortinet	W32/VBClone.D!tr
DeepInstinct	MALICIOUS

How to remove Trojan.Win32.Agent.xbnvyl?

Trojan.Win32.Agent.xbnvyl removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X