Trojan.Win32.Agentb.iods removal

Trojan.Win32.Agentb.iods is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agentb.iods virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes its original binary from disk

How to identify Trojan.Win32.Agentb.iods?


File Info:

name: 0C17DCE60EB8C53B8FA0.mlw
path: /opt/CAPEv2/storage/binaries/724e6f19b7a272b87fb43f4fc1013f4f744d597959b4a187bea0f7326c903747
crc32: B42FC068
md5: 0c17dce60eb8c53b8fa0235fb3ee100a
sha1: 2d7d7b05c5923f450d94c536baff78a96e01addc
sha256: 724e6f19b7a272b87fb43f4fc1013f4f744d597959b4a187bea0f7326c903747
sha512: 5c441c181ceeb600431dd1ed254b35842413240071a07c1918e2db0deefc85dc6e2f4bda67d4a4e92cf85681cb8c49456f60e66ff80a410ba166c05500c979a6
ssdeep: 98304:ESWINPRRlG4saIpu3N44WEXP9RElKHa/v:Ec15zSrn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE06D002E1E144B1C32D96387DA71B387D38AE054D30896BE7D4EE799E77251B23B21E
sha3_384: 4129965f68389878831d7042a909000aa64fccc9c3d5f102b351576c0eef7bd6db245c9df76d83e8f9e31239b8449bf5
ep_bytes: 558bec6aff68e8ca4e006884934b0064
timestamp: 2016-11-14 05:41:23

Version Info:

FileVersion: 1.0.0.0
FileDescription: Windows 配置程序
ProductName: Windows 核心进程
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.dywt.com.cn)
Translation: 0x0804 0x04b0

Trojan.Win32.Agentb.iods also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.392985
FireEye: Generic.mg.0c17dce60eb8c53b
CAT-QuickHeal: Trojanpws.Qqpass.16554
McAfee: GenericR-JDE!0C17DCE60EB8
Cylance: Unsafe
Zillya: Trojan.Agentb.Win32.20392
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.60eb8c
Cyren: W32/QQhelper.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Flyagent.NGX
APEX: Malicious
ClamAV: Win.Malware.Gotango-7000352-0
Kaspersky: Trojan.Win32.Agentb.iods
BitDefender: Gen:Variant.Zusy.392985
NANO-Antivirus: Trojan.Win32.Flyagent.fhclnf
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Zusy.392985
Sophos: Generic ML PUA (PUA)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb: Trojan.PWS.Wsgame.53171
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Emsisoft: Gen:Variant.Zusy.392985 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Agentb.isf
eGambit: Unsafe.AI_Score_100%
Avira: TR/Redcap.vbmbn
Antiy-AVL: Trojan/Generic.ASMalwS.1C8CFC8
Microsoft: Trojan:Win32/Flystudio.DA!MTB
Arcabit: Trojan.Zusy.D5FF19
GData: Win32.Trojan.Flyagent.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agentb.R209411
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.Zt3@aqshzuhb
ALYac: Gen:Variant.Zusy.392985
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Dynamer
Malwarebytes: Trojan.MalPack.FlyStudio
Yandex: Trojan.Agentb!C7cIw/I4aU8
Ikarus: Trojan.Win32.FlyAgent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Flyagent.NGX!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Win32.Agentb.iods?

Trojan.Win32.Agentb.iods removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
