
How to remove “VBS:Agent-DD [Trj]”?


VBS:Agent-DD [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the VBS:Agent-DD [Trj] virus do?

  • At least one process apparently crashed during execution
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify VBS:Agent-DD [Trj]?


File Info:

name: 973B31527B653BCA36F3.mlw
path: /opt/CAPEv2/storage/binaries/0d0219ab3e489707106075ed48f1233b8118b6e9689944590c8c1e975522e879
crc32: 56A560B7
md5: 973b31527b653bca36f39e39832473b6
sha1: 35336416e11217ec70c8ea267483ace7e934a3ea
sha256: 0d0219ab3e489707106075ed48f1233b8118b6e9689944590c8c1e975522e879
sha512: b9d7ad13f29c01a14519e209d2bfb2691973c0a24f412c49d0ebbb50f01e35af8d93bee3100cf87e168eddb7218bb014f2d7d56fd69b092b0607a3caf418b3ea
ssdeep: 3072:orR90YqQWxDV1Vsbrd/SCoOORE7vrvFwFwyf9wvGmJ8epKRHLuNToISoyMQ:oraQesbc2rvFQwe9pwKwvSoyMQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10014BE11B7C289E7D089073025FF57B7E1B8BF3127602697BB496F6A2C74093E94219B
sha3_384: 32bbdd92a017a17473c6f0dbc9bfa5c57692780a0df312fdd4614b078e390df409673fddb885726aa222e7fbcfe3ff0d
ep_bytes: 68f8124000e8bc1100ff000000000000
timestamp: 2009-03-20 16:00:40

Version Info:

Translation: 0x0804 0x04b0
ProductName: 工程1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 工程1
OriginalFilename: 工程1.exe

VBS:Agent-DD [Trj] also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: VBS.Heur2.Snake.2.37A4B9C1.Gen
FireEye: Generic.mg.973b31527b653bca
McAfee: GenericRXAA-FA!973B31527B65
Cylance: Unsafe
Cybereason: malicious.27b653
BitDefenderTheta: Gen:NN.ZevbaF.34294.mm3@auwuCShb
Symantec: ML.Attribute.HighConfidence
Kaspersky: Trojan.VBS.Small.bg
BitDefender: VBS.Heur2.Snake.2.37A4B9C1.Gen
NANO-Antivirus: Trojan.Script.Small.bmvoep
Avast: VBS:Agent-DD [Trj]
Rising: Trojan.DL.Win32.VB.zrz (CLASSIC)
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
SentinelOne: Static AI – Malicious PE
Emsisoft: VBS.Heur2.Snake.2.37A4B9C1.Gen (B)
Ikarus: Trojan.VBS.Dropper
GData: VBS.Heur2.Snake.2.37A4B9C1.Gen
Avira: VBS/Small.bga
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
ALYac: VBS.Heur2.Snake.2.37A4B9C1.Gen
APEX: Malicious
Tencent: Vbs.Trojan.Small.Hsil
MAX: malware (ai score=83)
AVG: VBS:Agent-DD [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove VBS:Agent-DD [Trj]?

VBS:Agent-DD [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
