VBA/TrojanDownloader.Agent.UFY removal

Malware Removal

The VBA/TrojanDownloader.Agent.UFY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What VBA/TrojanDownloader.Agent.UFY virus can do?

  • The office file contains 2 macros
  • The office file contains a macro with auto execution
  • The office file contains anomalous features
  • The office file contains a macro with suspicious strings

Related domains:

z.whorecord.xyz

How to determine VBA/TrojanDownloader.Agent.UFY?


File Info:

crc32: 7FD7C47B
md5: a79efaf83bb12d502c1a391dbbf27065
name: upload_file
sha1: cffb85341e765e7575dc41f5f2f6231625121527
sha256: fe6df9e2fcfce73089b965934808ae4997a27be93a4f7deea34ca99e0f8b2a1a
sha512: e701468291159e873df0b5f27721e6894043c44cb6c5c68ac81c870592541c38b1d3ef8eab60e9b9aea38176e99a2489e3ea05980f2f6178f52541ce0e4abbff
ssdeep: 3072:o4PrXcuQuvpzm4bkiaMQgAlSwUmFazEnmhjswJ6:FDRv1m4bnQgISw7vmJswJ6
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Cumque., Author: Benjamin Le roux, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Aug 19 18:17:00 2020, Last Saved Time/Date: Wed Aug 19 18:17:00 2020, Number of Pages: 2, Number of Words: 5, Number of Characters: 30, Security: 0

Version Info:

0: [No Data]

VBA/TrojanDownloader.Agent.UFY also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanW97m.Downloader.IXT
FireEyeW97m.Downloader.IXT
CAT-QuickHealOLE.Emotet.38786
ALYacW97m.Downloader.IXT
VIPRETrojan-Downloader.W97M.Agent.jc (v)
AegisLabTrojan.MSOffice.SAgent.4!c
InvinceaTroj/DocDl-AAGM
CyrenW97M/Downldr.IE.gen!Eldorado
SymantecW97M.Downloader
TrendMicro-HouseCallTrojan.W97M.POWLOAD.THHBOBO
ClamAVDoc.Malware.Sagent-9401419-0
KasperskyHEUR:Trojan.MSOffice.SAgent.gen
BitDefenderW97m.Downloader.IXT
NANO-AntivirusTrojan.Script.Downloader.htfcpy
RisingTrojan.Downloader!1.CAAF (CLASSIC)
Ad-AwareW97m.Downloader.IXT
F-SecureMalware.W97M/Agent.3758011
DrWebExploit.Siggen2.24702
TrendMicroTrojan.W97M.POWLOAD.THHBOBO
SophosTroj/DocDl-AAGM
IkarusTrojan-Downloader.VBA.Emotet
AviraW97M/Agent.3758011
MAXmalware (ai score=100)
Antiy-AVLTrojan[Downloader]/MSOffice.Agent.ucn
MicrosoftTrojanDownloader:O97M/Emotet.CSK!MTB
ArcabitW97m.Downloader.IXT
ZoneAlarmHEUR:Trojan.MSOffice.SAgent.gen
GDataW97m.Downloader.IXT
CynetMalicious (score: 85)
AhnLab-V3Downloader/DOC.Emotet.S1279
McAfeeW97M/Downloader.ddv
VBA32TrojanDownloader.O97M.Emotet.CSK
ZonerProbably Heur.W97Obfuscated
ESET-NOD32VBA/TrojanDownloader.Agent.UFY
TencentHeur.Macro.Generic.j.62bd02b
FortinetVBA/Agent.K!tr.dldr
AVGSNH:Script [Dropper]
PandaW97M/Downloader.DDE
Qihoo-360virus.office.qexvmc.1065

How to remove VBA/TrojanDownloader.Agent.UFY?

VBA/TrojanDownloader.Agent.UFY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment