About “VBA/TrojanDownloader.Agent.UQV” infection

The VBA/TrojanDownloader.Agent.UQV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VBA/TrojanDownloader.Agent.UQV virus do?

  • Injection (inter-process)
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • A potential decoy document was displayed to the user
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine VBA/TrojanDownloader.Agent.UQV?


File Info:

crc32: 428B2049
md5: 17485cb1c1ed12d50b58ce0511df1d35
name: upload_file
sha1: abeb0fdb2497347ca5d593a3c049f886eb0ccfe4
sha256: ecdbff79180b1bcb2e1c94358c866f84a5be25ad30247c37d0e9987de825a558
sha512: e08c3c8be98de8678f9483917afeb11dbaafe01483872781ce88bd3f74ed48adca0a504f519078b6ef93d92e587ec2ae1083d869b424bd5b630be4067f0b93fc
ssdeep: 12288:L2+NJ9+Y+2yy/RdV6jlWRKTZg1VAhO8M0KiTj:L2+NJ9+YgqP4BgeZWA7pKiTj
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: Dell, Last Saved By: Dell, Create Time/Date: Wed Oct 14 22:54:17 2020, Last Saved Time/Date: Wed Oct 14 22:54:17 2020, Security: 0

Version Info:

0: [No Data]

VBA/TrojanDownloader.Agent.UQV also known as:

Elastic: malicious (high confidence)
DrWeb: Exploit.Siggen2.48613
CAT-QuickHeal: XMLS.VBAPurging.38956
ESET-NOD32: VBA/TrojanDownloader.Agent.UQV
Kaspersky: HEUR:Trojan-Downloader.Script.Generic
McAfee-GW-Edition: BehavesLike.OLE2.Downloader.gb
SentinelOne: DFI – Suspicious OLE
Arcabit: HEUR.VBA.CG.1
ZoneAlarm: HEUR:Trojan-Downloader.Script.Generic
Microsoft: Trojan:Win32/Emotet!ml
TACHYON: Trojan/XF.PS.Gen
Zoner: Probably Heur.W97ShellB
Ikarus: Win32.Outbreak
Fortinet: VBA/Agent.BLX!tr.dldr

How to remove VBA/TrojanDownloader.Agent.UQV?

VBA/TrojanDownloader.Agent.UQV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
