UDS:Trojan-Downloader.Win32.Agent.xxzvud removal

Malware Removal

The UDS:Trojan-Downloader.Win32.Agent.xxzvud detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What UDS:Trojan-Downloader.Win32.Agent.xxzvud virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Executed a sysinternals tool
  • CAPE detected the “shellcode get eip” malware family
  • Deletes executed files from disk
  • Attempts to disable System Restore
  • Adds itself to the Safe Mode boot to ensure its start
  • Modifies Image File Execution Options, indicative of process injection or persistence
  • Yara detections observed in process dumps, payloads or dropped files

How to identify UDS:Trojan-Downloader.Win32.Agent.xxzvud?

File Info:

name: 1BFCA793727E8300C1FC.mlw
path: /opt/CAPEv2/storage/binaries/8e95b2cc5666b67bf7bc5f4565c79c1c2ec01e7aa2968a0bd4f576c7076f9dc2
crc32: 14323F11
md5: 1bfca793727e8300c1fcadc2dbf2875f
sha1: af38752c0d5c2e5e66b8563e9ea6660ec4eae7ae
sha256: 8e95b2cc5666b67bf7bc5f4565c79c1c2ec01e7aa2968a0bd4f576c7076f9dc2
sha512: 12684ae1cf9094b96c5dd1c40060a3c5fd5d055f657a39286b6f798494944aa4bf5368be7dff43f9a5066453f4913088595d931e0af8604a8aff83ea7135cd82
ssdeep: 98304:4kojgQTZrF/HwAFC3Q/Zk2cSgcB5X3ypnUa1G8MRr:4koUQpF/HwjDSgcB5HypUa1kr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E163396752B94F4DAC75E705F488C97B98AACCDD2C5CF60FD8DA82CEF6612E010740A
sha3_384: f995ab360fedaac7d7d75db9801725ab34cec2d41f3b4d41f5211dd4f60837919d896f8f3301351e14f7d1d78ff059c6
ep_bytes: 60be00d042008dbe0040fdff57eb0b90
timestamp: 2009-12-05 22:50:46

Version Info:

CompanyName: Swearware
FileDescription: ComboFix NSIS Installer
InternalName: ComboFix.exe
LegalCopyright: sUBs
OriginalFileName: ComboFix.exe
ProductName: ComboFix
Translation: 0x0409 0x04e4

UDS:Trojan-Downloader.Win32.Agent.xxzvud also known as:

Rising: Trojan.Generic@AI.93 (RDML:XG733v7BI0nzAxf+W0tmRw)
Sophos: GMER (PUA)

How to remove UDS:Trojan-Downloader.Win32.Agent.xxzvud?

UDS:Trojan-Downloader.Win32.Agent.xxzvud removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
