
Should I remove “Win32/Agent.ACMQ”?

Malware Removal

Win32/Agent.ACMQ is rated as dangerous by many security vendors. Note that the name is a generic detection label (ESET reports it as "a variant of Win32/Agent.ACMQ" in the vendor list below) and says little about the family; the CAPE sandbox report excerpted on this page attributes this particular sample to the Raccoon stealer. When the infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Agent.ACMQ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • CAPE detected the Raccoon malware family
  • Anomalous binary characteristics
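The bullets above are sandbox signature names rather than an explanation of what was observed. As an added example (not code from the original page or from CAPE), the Python rules below reproduce three of them over an API-call trace: an allocation or protection change with an executable-and-writable page protection fires "Creates RWX memory", LoadLibrary/GetProcAddress calls fire "Dynamic (imported) function loading", and a SetUnhandledExceptionFilter call fires the anti-debug signature. The trace layout and every call in SAMPLE_TRACE are constructed for illustration; the protection constants are the real Win32 values. Keep in mind that LoadLibrary/GetProcAddress alone is also how legitimate software resolves APIs at run time, so that signature is low-confidence on its own; it is the combination with RWX allocation and code unpacking that is suspicious.

```python
"""Match three of the sandbox behaviours listed above against an API-call trace.

Added example, not code from the original page or from CAPE. The trace layout
(one dict per call: 'api' name plus 'args') and every call in SAMPLE_TRACE are
constructed for illustration; the protection constants are the real Win32 values.
"""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
RWX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx",
              "NtAllocateVirtualMemory", "NtProtectVirtualMemory"}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "LdrLoadDll"}

SIG_ANTIDEBUG = "SetUnhandledExceptionFilter detected (possible anti-debug)"
SIG_RWX = "Creates RWX memory"
SIG_DYNLOAD = "Dynamic (imported) function loading detected"

# Constructed trace, not a real capture: one RWX allocation, one non-RWX
# protection change (must not fire), a LoadLibrary/GetProcAddress pair and the
# exception-filter call.
SAMPLE_TRACE = [
    {"api": "SetUnhandledExceptionFilter", "args": {"lpTopLevelExceptionFilter": "0x00401a20"}},
    {"api": "VirtualAlloc", "args": {"lpAddress": "0x0", "dwSize": "0x3000",
                                     "flAllocationType": "0x3000", "flProtect": "0x40"}},
    {"api": "LoadLibraryA", "args": {"lpFileName": "kernel32.dll"}},
    {"api": "GetProcAddress", "args": {"hModule": "0x76e10000", "lpProcName": "VirtualProtect"}},
    {"api": "GetProcAddress", "args": {"hModule": "0x76e10000", "lpProcName": "CreateProcessW"}},
    {"api": "VirtualProtect", "args": {"lpAddress": "0x00402000", "dwSize": "0x1000",
                                       "flNewProtect": "0x20"}},  # PAGE_EXECUTE_READ: not RWX
    {"api": "CreateFileW", "args": {"lpFileName": "C:\\Users\\user\\AppData\\Local\\Temp\\x.tmp"}},
]


def _to_int(value):
    """Sandbox traces usually log numbers as hex strings; accept ints too."""
    return int(value, 16) if isinstance(value, str) else int(value)


def triage(trace):
    """Return {signature name: [evidence, ...]} for the behaviours found in trace."""
    hits = defaultdict(list)
    for call in trace:
        api = call["api"]
        args = call.get("args", {})
        if api == "SetUnhandledExceptionFilter":
            hits[SIG_ANTIDEBUG].append(f"filter={args.get('lpTopLevelExceptionFilter')}")
        if api in ALLOC_APIS:
            # Win32 calls name the field flProtect/flNewProtect; Nt* calls use Protect.
            prot = args.get("flProtect", args.get("flNewProtect", args.get("Protect")))
            if prot is not None and _to_int(prot) in RWX_PROTECTIONS:
                hits[SIG_RWX].append(f"{api} protect=0x{_to_int(prot):02x}")
        if api in LOADER_APIS:
            hits[SIG_DYNLOAD].append(f"{api}({args.get('lpFileName')})")
        if api == "GetProcAddress":
            hits[SIG_DYNLOAD].append(f"GetProcAddress({args.get('lpProcName')})")
    return dict(hits)


if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_TRACE).items():
        print(f"{signature}: {', '.join(evidence)}")
```

Run against a real sandbox export, the only adaptation needed is a loader that turns the report's call records into the same {"api", "args"} dicts; the rules themselves do not depend on the sandbox.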

How to identify Win32/Agent.ACMQ?


File Info:

name: B769E890C0F14418E7E3.mlw
path: /opt/CAPEv2/storage/binaries/bde590a115873531d139623fb9520791f3ec0db71c2770f85bf21bf911e128d4
crc32: 8DEBB1DB
md5: b769e890c0f14418e7e30574b1880081
sha1: 12f66d45bd02624359476982c7a833439705bd60
sha256: bde590a115873531d139623fb9520791f3ec0db71c2770f85bf21bf911e128d4
sha512: d3e4a60848ea4e2e5ce483680f10f38d13a7a38d8009f0e16fa52d5c8215a50151d9e0643e731e130a8986636a34edb6b3a295425385f63e07dae6968ffafdd0
ssdeep: 12288:c2WzTLiG5os1bSvhhOuaoT4E6uLigXNCVtR/DZEeKA5:c2ETGG5dGuIr9CVtR/DZEer
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T185E4BE0F1F68CE69EF0D76BA94B027856D71C91B9FE891E32E44BA1D6C71ED8507C880
sha3_384: 25507043d44ccd71718eb68c57c80d4412e0e0ea7ddae60211cedc58ff24f73cb6f895807b1d662edf8e53b95461c6d5
ep_bytes: e8f62f0000e978feffffcccccccccc8b
timestamp: 2020-11-15 15:42:23

Version Info (the CompanyName claims a legitimate vendor while the Authenticode signature is invalid, and the remaining fields are random dictionary words; this mismatch is itself a useful indicator of a packed or repurposed binary):

CompanyName: WiseCleaner.com
FileVersion: 1.8.64.49
InternalName: indubitably mentoring
LegalCopyright: (C)
OriginalFilename: centaury P2P
ProductName: scars baseless greatest preformed
ProductVersion: 1.8.64.49
Translation: 0x0409 0x04b0
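The File Info block above is what a sandbox computes for a submitted binary. As an added example (not the page's or CAPE's own code), the Python below recomputes the same fields for any PE file: the crc32, md5, sha1, sha256, sha512 and sha3_384 digests, the file type string, the compile timestamp, and the ep_bytes field, which is the first 16 bytes at the entry point and requires mapping the entry-point RVA through the section table to a file offset. It then compares the digests with the hashes published on this page. ssdeep and TLSH are not in the Python standard library and are left out. Because no sample is shipped with the page, the block builds a minimal synthetic PE32 to run on; that file, its entry stub and its timestamp are constructed here and match nothing in the wild.

```python
"""Recompute the File Info fields shown above for a PE file and compare them
with the page's published hashes.

Added example, not code from the original page or from CAPE. build_sample_pe()
produces a constructed, harmless PE32 so the script runs offline; the PAGE_IOCS
values are copied from the File Info block on the page.
"""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

PAGE_IOCS = {
    "md5": "b769e890c0f14418e7e30574b1880081",
    "sha1": "12f66d45bd02624359476982c7a833439705bd60",
    "sha256": "bde590a115873531d139623fb9520791f3ec0db71c2770f85bf21bf911e128d4",
}

# Constructed entry stub: call $+5; pop eax; ret; int3 padding. Not from any sample.
ENTRY_STUB = bytes.fromhex("e80000000058c3") + b"\xcc" * 9


def digests(data: bytes) -> dict:
    """The hash fields of the File Info block (crc32 upper-case, like the page)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_info(data: bytes) -> dict:
    """type, timestamp and ep_bytes, parsed straight from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                             # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset for PE32/PE32+
    # Map the entry-point RVA to a file offset via the section table.
    ep_off = None
    for i in range(nsect):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            ep_off = entry_rva - va + rawptr
            break
    if ep_off is None:
        raise ValueError("entry point RVA not inside any section")
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown magic 0x{magic:x}")
    sub = {2: "GUI", 3: "console"}.get(subsystem, f"subsystem {subsystem}")
    arch = {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, f"machine 0x{machine:x}")
    return {
        "type": f"{fmt} executable ({sub}) {arch}, for MS Windows",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def file_info(data: bytes) -> dict:
    return {**digests(data), **pe_info(data)}


def match_page_iocs(info: dict) -> set:
    """Names of the hash fields that equal the values published on the page."""
    return {name for name, value in PAGE_IOCS.items() if info.get(name) == value}


def build_sample_pe(timestamp: int = 1_600_000_000) -> bytes:
    """Constructed minimal PE32 (one .text section holding ENTRY_STUB). Not a real sample."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        0x10B, 14, 0,                 # PE32 magic, linker version
        0x200, 0, 0,                  # SizeOfCode / initialized / uninitialized
        0x1000, 0x1000, 0x2000,       # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
        6, 0, 0, 0, 6, 0,             # OS / image / subsystem versions
        0, 0x2000, 0x200, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                         # Subsystem = GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,  # stack/heap sizes, LoaderFlags, dir count
    ) + b"\0" * 128                   # sixteen empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)            # code | execute | read
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (0x200 - len(headers))
    return headers + ENTRY_STUB + b"\0" * (0x200 - len(ENTRY_STUB))


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = file_info(data)
    for key, value in info.items():
        print(f"{key}: {value}")
    print("matches page IOCs:", sorted(match_page_iocs(info)) or "none")
```

Pass a path on the command line to compute the fields for a real file; the section-table walk is what makes ep_bytes comparable with the sandbox's value, since the entry point is an RVA and not a file offset.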

Win32/Agent.ACMQ also known as:

Lionic: Trojan.Win32.Dropback.b!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.44514945
FireEye: Generic.mg.b769e890c0f14418
McAfee: Artemis!B769E890C0F1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Wacatac.C
K7AntiVirus: Trojan ( 005734621 )
Alibaba: TrojanDropper:Win32/Dropback.9b0f1e39
K7GW: Trojan ( 005734621 )
Cybereason: malicious.0c0f14
BitDefenderTheta: Gen:NN.ZexaF.34212.Rq0@ayOE91li
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ACMQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Dropper.Win32.Dropback.gen
BitDefender: Trojan.GenericKD.44514945
NANO-Antivirus: Trojan.Win32.Dropback.iccosr
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-dropper.Dropback.Pfjd
Ad-Aware: Trojan.GenericKD.44514945
Emsisoft: Trojan.GenericKD.44514945 (B)
Comodo: Malware@#n0l8xbigr5bt
DrWeb: Trojan.PWS.Siggen2.59849
Zillya: Dropper.Dropback.Win32.97
McAfee-GW-Edition: BehavesLike.Win32.Worm.jh
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Agent
GData: Trojan.GenericKD.44514945
Webroot: W32.Malware.Gen
Avira: TR/AD.StellarStealer.javlp
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.31084FC
ZoneAlarm: HEUR:Trojan-Dropper.Win32.Dropback.gen
Microsoft: Trojan:Win32/Ymacco.AABD
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Razy
ALYac: Trojan.GenericKD.44514945
Malwarebytes: Generic.Malware/Suspicious
Rising: Trojan.Agent!8.B1E (CLOUD)
Yandex: Trojan.Agent!iz8KW7sgqOs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.82289326.susgen
Fortinet: W32/Kryptik.HHNN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Agent.ACMQ?

Win32/Agent.ACMQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
