Trojan:Win32/Farfli.AW!MTB removal

The Trojan:Win32/Farfli.AW!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Farfli.AW!MTB virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Farfli.AW!MTB?


File Info:
name: B1BCDAAB097A4BB54BA1.mlw
path: /opt/CAPEv2/storage/binaries/e5a46be854e7d505494b4b21b7e2ca2df998c6b984bf2a31ae9aa6c0fd97f1ea
crc32: DBB3F5A9
md5: b1bcdaab097a4bb54ba1a43451bc1a12
sha1: 97f990e0d80184597347f2e8572b56909379e355
sha256: e5a46be854e7d505494b4b21b7e2ca2df998c6b984bf2a31ae9aa6c0fd97f1ea
sha512: 2b39a3fe969cb16022845ed086e96dde24c858eb99babdc521633c16047678bf83533ca49e1ada64c060da5c53eda6ef60976c4f25651a65648a58f2939822ca
ssdeep: 98304:HmAA2ghs4fjPqlMY73ZTtpa3QAqKTtg1MX/y5oV5Ln/oApoIEb0:GAA2gbqqu3JHogM/ySzxoI9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A4363310B5D28072C5F346320CE9EBB8967AFD754F748E8B7B94275C287E1C29A34762
sha3_384: 3c99fd9df9e2a02456a3320f2d9530a9dbb8346f604276ec6947a5a47f8359081595a7174539ad4c8658e784e54b5be1
ep_bytes: 558bec6aff68c0254100683453400064
timestamp: 2010-07-09 07:20:46

Version Info:
0: [No Data]

Trojan:Win32/Farfli.AW!MTB also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Dropped:Trojan.Cud.Gen.1
CAT-QuickHeal	Trojan.IGENERIC
Sangfor	[ARMADILLO V1.71]
CrowdStrike	win/malicious_confidence_60% (D)
Baidu	Win32.Trojan-Downloader.Agent.bh
Cyren	W32/Zegost.DY.gen!Eldorado
Symantec	Trojan.Gen.2
ESET-NOD32	multiple detections
APEX	Malicious
ClamAV	Win.Downloader.Zegost-6484584-1
Kaspersky	HEUR:Backdoor.Win32.Generic
BitDefender	Dropped:Trojan.Cud.Gen.1
NANO-Antivirus	Trojan.Win32.AVKill.ffnyft
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.116b0798
Ad-Aware	Dropped:Trojan.Cud.Gen.1
Emsisoft	Dropped:Trojan.Cud.Gen.1 (B)
DrWeb	Trojan.Miner.67
Zillya	Downloader.Agent.Win32.378842
McAfee-GW-Edition	Trojan-FJYJ!992069E55874
FireEye	Generic.mg.b1bcdaab097a4bb5
Sophos	Mal/Generic-R
SentinelOne	Static AI – Malicious PE
GData	Dropped:Trojan.Cud.Gen.1
Jiangmin	Backdoor.Generic.bgvr
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Generic.ASCommon.1F4
Microsoft	Trojan:Win32/Farfli.AW!MTB
McAfee	GenericRXAA-AA!B1BCDAAB097A
VBA32	BScope.Trojan.Miner
Malwarebytes	Malware.AI.3771948986
Rising	Trojan.XMR-Miner!1.B3E7 (C64:YzY0OgXmDfSdITJ/Aw)
Yandex	Trojan.GenAsa!Dh+j5vjAx6I
Ikarus	Trojan.Win32.Farfli
MaxSecure	Trojan.Malware.7175203.susgen
BitDefenderTheta	AI:Packer.700F56BD1E
AVG	Win32:Malware-gen
Cybereason	malicious.b097a4

How to remove Trojan:Win32/Farfli.AW!MTB?

Trojan:Win32/Farfli.AW!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X