Win32/Agent.RXZ removal

Win32/Agent.RXZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Agent.RXZ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Agent.RXZ?

File Info:

name: 01D1BBB22FD5E3F02B6D.mlw
path: /opt/CAPEv2/storage/binaries/d4c9c38105b5c04f249a0cdaec7e0d4ff6bbaf15839e7b512b14aef3feb5b52b
crc32: 89285754
md5: 01d1bbb22fd5e3f02b6dfa0cfd6f0640
sha1: e622c3823ca6206a39cbb51d9d1fcea314432d27
sha256: d4c9c38105b5c04f249a0cdaec7e0d4ff6bbaf15839e7b512b14aef3feb5b52b
sha512: 97204f17d3b22c4830611084b4fd813e4299d1278c4901fcb738944dba3d2c5cc9b45de56b0e656352a17afa717d6f1d8da24dc95af1d8efdf5eb0bcc45e743a
ssdeep: 6144:DFlvC60dLy0+/FsuSGZW+tMKnF48rLRauSTvazEf9Y24jZbZ:DFlvC60xyR/FMUW+yu4MLUdTTC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AE846C02FB649275C5E318748A53AB2525AAAEC13F30A6CF33883E4D1A395C57375F4B
sha3_384: 18cdd97ad697a6550d16208044bc3f3e5adac644173f56695801c7db8d5c2379762cb67adaa09f21480fc962118830cb
ep_bytes: 6a6068e0954400e83a120000bf940000
timestamp: 2010-09-16 21:13:22

Version Info:

FileVersion: 1.0.0.30
ProductVersion: 1.0.0.30
Translation: 0x0804 0x03a8

Win32/Agent.RXZ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.OnlineGames.5
FireEye: Generic.mg.01d1bbb22fd5e3f0
CAT-QuickHeal: Trojan.OnLineGames.xi5
McAfee: StartPage-NH
Cylance: Unsafe
Zillya: Trojan.OnLineGames.Win32.76494
K7AntiVirus: Trojan ( 0055e3dd1 )
K7GW: Trojan ( 0055e3dd1 )
Cybereason: malicious.22fd5e
Baidu: Win32.Trojan.BHO.n
Cyren: W32/FakeGame.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.RXZ
APEX: Malicious
ClamAV: Win.Trojan.OnlineGames-65
Kaspersky: Trojan-Downloader.Win32.Gamup.pxb
BitDefender: Gen:Variant.OnlineGames.5
NANO-Antivirus: Trojan.Win32.OnLineGames.cagpw
Avast: Win32:BHO-ACI [Trj]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.OnlineGames.5
Emsisoft: Gen:Variant.OnlineGames.5 (B)
Comodo: TrojWare.Win32.BHO.EFKMNB@4ok0yf
DrWeb: Trojan.PWS.Wsgame.28681
VIPRE: Trojan.Win32.Darbyen.A (v) (not malicious)
TrendMicro: TROJ_STARTP.SML2
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Sophos: ML/PE-A + Troj/Darbyen-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/PSW.OnLineGames.ccgw
Webroot: W32.Malware.Gen
Avira: TR/BHO.efkmnb
Antiy-AVL: Trojan/Generic.ASMalwS.2A4B
Kingsoft: Heur.SSC.43597.1216.(kcloud)
Microsoft: Trojan:Win32/BHO.EF
ViRobot: Trojan.Win32.PSWIGames.381240
GData: Gen:Variant.OnlineGames.5
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Onlinegamehack21.Gen
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.xu2@aSPaOEeb
MAX: malware (ai score=81)
VBA32: TrojanPSW.OnLineGames.xg
Malwarebytes: Malware.AI.3661604243
TrendMicro-HouseCall: TROJ_STARTP.SML2
Rising: Backdoor.Agent!1.69D8 (CLASSIC)
Ikarus: Trojan.Win32.StartPage
Fortinet: W32/ZLob.AAAA!tr.dldr
AVG: Win32:BHO-ACI [Trj]
Panda: Trj/Lineage.LOE
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Downloader.Gamup.qmq

How to remove Win32/Agent.RXZ?

Win32/Agent.RXZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.