Trojan.Win32.Agentb.kdne removal guide

Trojan.Win32.Agentb.kdne is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Agentb.kdne virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A named pipe was used for inter-process communication
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself

How to identify Trojan.Win32.Agentb.kdne?


File Info:

name: B983CAE6FE817CEB34CC.mlw
path: /opt/CAPEv2/storage/binaries/06ffe25e8cc096bcb8bdcc863fb650dc001b4e6c8258615f4722fcd81fb7e884
crc32: 2E4AE75C
md5: b983cae6fe817ceb34cc0c42326f3764
sha1: c5aea1fea7b2d948d1ead6b8fe6706962f38582d
sha256: 06ffe25e8cc096bcb8bdcc863fb650dc001b4e6c8258615f4722fcd81fb7e884
sha512: c7fc54d80105e79b17268aafa68d444b5661ab6f648970545f05b5b1eae54520e4575809d0564bc6fb7d10102377701d53edf1b284cb2383392f5c04028f2879
ssdeep: 12288:RzNB0JfiwSdYSui8zZH94I3H1v1XEWRYdlHkLhmvqnqamlTwAA2iVK4NTnMpzey:dNsfiTdYSuVzZH9tH1v18oNZy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C6E47C3265619032E6F10277A92C96303D2CAF3C175489AAE2C2BD0D7EB45856FF725F
sha3_384: e9479f9515e570eb8f5e08e6c6e07e4f264c7a2221b49881519b80220fe7beb1bf2d0aecf8e8349d5b596edc2f9bfc36
ep_bytes: e83a050000e97afeffffcccccccccc8b
timestamp: 2019-09-17 05:33:38

Version Info:

CompanyName: Sigma Software
FileDescription: NetShield Kit 1.3.40.0
FileVersion: 1.3.40.0
InternalName: setup
LegalCopyright: 2020 (c) Sigma Software
OriginalFilename: nsk-win32-bundle.exe
ProductName: NetShield Kit 1.3.40.0
ProductVersion: 1.3.40.0
Translation: 0x0409 0x04e4

Trojan.Win32.Agentb.kdne also known as:

Lionic: Trojan.Win32.Agentb.4!c
MicroWorld-eScan: Trojan.GenericKD.38124140
FireEye: Trojan.GenericKD.38124140
McAfee: Artemis!B983CAE6FE81
Cylance: Unsafe
Alibaba: Trojan:Win32/Redcap.b39a103d
Cyren: W32/Agent.DHL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H0CKQ21
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agentb.kdne
BitDefender: Trojan.GenericKD.38124140
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agentb.Pgwh
Ad-Aware: Trojan.GenericKD.38124140
McAfee-GW-Edition: BehavesLike.Win32.BadFile.bh
Emsisoft: Trojan.GenericKD.38124140 (B)
GData: Trojan.GenericKD.38124140
Avira: TR/Redcap.pasgr
MAX: malware (ai score=80)
Arcabit: Trojan.Generic.D245BA6C
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Malware/Win32.Generic.C4216070
ALYac: Trojan.GenericKD.38124140
Fortinet: W32/AgentTB.KIJC!tr
AVG: Win32:Malware-gen
MaxSecure: Win.MxResIcn.Heur.Gen

How to remove Trojan.Win32.Agentb.kdne?

Trojan.Win32.Agentb.kdne removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
