What is "Win32/Agent.ABVO"?

The Win32/Agent.ABVO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Agent.ABVO virus can do?

A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
Starts servers listening on 127.0.0.1:0
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Connects to an IRC server, possibly part of a botnet
Unusual version info supplied for binary

Related domains:

z.whorecord.xyz

bdns.at

k6239847.lib

a.tomx.xyz

bdns.by

bdns.pro

b-dns.se

How to determine Win32/Agent.ABVO?


File Info:
crc32: 0E09EDA6
md5: ec68fd3771c23034daae03213dff146a
name: taskhost.exe
sha1: 4475ae7150ab2d750c74a8d3551b66ec93d7b5ae
sha256: e29b6cd54925fafd1d974b5cc5abecca678d0192c429b41c778172f1f40bc607
sha512: f3f0d3d4fd6f73a4999e2e97d022090d46b5f9b8df0bc819c322f0d3a3b6778abc175c87d261a9bd45c1652a40f15ed4bb4f8bd2f01a60fcedddb8673cdfb91a
ssdeep: 12288:C3xTYSu9UDzK+W7VgRXlHbjaBUBTAEsMJRTVUGDsbAh3+vrY:C3lYSu92l1Hb6UBVRTVUGOU+vr
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: 22222222
FileVersion: 6.1.7600.16385
CompanyName: TODO: 
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7600.16385
FileDescription: Host Process for Windows Services
OriginalFilename: taskhost.exe
Translation: 0x0009 0x04b0

Win32/Agent.ABVO also known as:

MicroWorld-eScan	Trojan.GenericKD.33788604
FireEye	Trojan.GenericKD.33788604
CAT-QuickHeal	Trojan.Reconyc
Qihoo-360	Generic/Virus.Adware.6b0
McAfee	RDN/Generic.hbg
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0056621d1 )
Alibaba	Trojan:Win32/Reconyc.d50b5ca4
K7GW	Trojan ( 0056621d1 )
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34108.QC0@a8T@XDbk
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
GData	Trojan.GenericKD.33788604
Kaspersky	Trojan.Win32.Reconyc.kdgt
BitDefender	Trojan.GenericKD.33788604
Paloalto	generic.ml
AegisLab	Trojan.Multi.Generic.4!c
Tencent	Win32.Trojan.Reconyc.Amce
Endgame	malicious (high confidence)
Sophos	Mal/Generic-S
Comodo	Malware@#epljlx28t8ge
F-Secure	Adware.ADWARE/FileFinder.Gen7
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R03FC0PE920
McAfee-GW-Edition	RDN/Generic.hbg
Emsisoft	Trojan.GenericKD.33788604 (B)
SentinelOne	DFI – Malicious PE
Cyren	W32/Trojan.EMIW-7885
Jiangmin	Trojan.Reconyc.rcj
Avira	ADWARE/FileFinder.Gen7
Antiy-AVL	Trojan/Win32.Reconyc
Arcabit	Trojan.Generic.D20392BC
ZoneAlarm	Trojan.Win32.Reconyc.kdgt
Microsoft	PUA:Win32/Vigua.A
ALYac	Trojan.GenericKD.33788604
MAX	malware (ai score=99)
Ad-Aware	Trojan.GenericKD.33788604
Malwarebytes	Trojan.Crypt
ESET-NOD32	a variant of Win32/Agent.ABVO
TrendMicro-HouseCall	TROJ_GEN.R03FC0PE920
Rising	Trojan.Agent!8.B1E (CLOUD)
Ikarus	Trojan.Win32.Agent
Fortinet	Riskware/Reconyc
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (W)
MaxSecure	Trojan.Malware.100945610.susgen

How to remove Win32/Agent.ABVO?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Win32/Agent.ABVO”?