TrojanBanker.Win64.Convagent removal

TrojanBanker.Win64.Convagent is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the TrojanBanker.Win64.Convagent virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

Related domains:

wpad.local-net

How to identify TrojanBanker.Win64.Convagent?


File Info:

name: A49432F9878B69399BEB.mlw
path: /opt/CAPEv2/storage/binaries/ee7bd11ea427d13eb3d13b5b068a8bbf820c08407d16a622a69cdb13a8fdbdda
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-11-22 11:05:32

Version Info:

CompanyName: TODO:
FileDescription: Help
FileVersion: 1.0.0.1
InternalName: Help
LegalCopyright: TODO: (c) . All rights reserved.
OriginalFilename: Help
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

TrojanBanker.Win64.Convagent also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win64.Trickster.7!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38092076
McAfee: GenericRXQW-AO!A49432F9878B
Cylance: Unsafe
Zillya: Trojan.Trickster.Win32.12000
K7AntiVirus: Trojan ( 0058ac2f1 )
Alibaba: TrojanBanker:Win32/SpyEyes.643d2782
K7GW: Trojan ( 0058ac2f1 )
Cyren: W32/Trickster.N.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNKX
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Banker.Win32.Trickster.gen
BitDefender: Trojan.GenericKD.38092076
Avast: Win32:BankerX-gen [Trj]
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Ad-Aware: Trojan.GenericKD.38092076
Sophos: ML/PE-A
DrWeb: Trojan.KillProc2.17021
TrendMicro: TROJ_GEN.R06BC0DKP21
McAfee-GW-Edition: Artemis!Trojan
FireEye: Trojan.GenericKD.38092076
Emsisoft: Trojan.GenericKD.38092076 (B)
GData: Win32.Trojan.PSE.1PYRF83
Jiangmin: Trojan.Trickpak.mi
Avira: TR/AD.Nekark.ielne
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.34D6555
Kingsoft: Win32.Troj.Banker.(kcloud)
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Generic.D2453D2C
Microsoft: Trojan:Win32/SpyEyes.RMA!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R452340
ALYac: Trojan.GenericKD.38092076
VBA32: TrojanBanker.Win64.Convagent
Malwarebytes: Trojan.TrickBot
TrendMicro-HouseCall: TROJ_GEN.R06BC0DKP21
Yandex: Trojan.GenKryptik!D6U5Fiq60hA
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/AGen.HY!tr
AVG: Win32:BankerX-gen [Trj]
Panda: Trj/GdSda.A

How to remove TrojanBanker.Win64.Convagent?

TrojanBanker.Win64.Convagent removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
