Win32/Agent.YMB removal tips

Win32/Agent.YMB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Agent.YMB virus do?

  • Unconventional language used in binary resources: Indonesian
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Agent.YMB?


File Info:

name: 0E6F93D65EB2CFAA6591.mlw
path: /opt/CAPEv2/storage/binaries/0e93243e9dfd91ed5c9e76885d7a5c03c65bcbd4d07843ff591ad74bcd9d3df6
crc32: 478D3F79
md5: 0e6f93d65eb2cfaa659161e419e6da49
sha1: 59249fab01bbfd8595ea96173f053667d748dd6f
sha256: 0e93243e9dfd91ed5c9e76885d7a5c03c65bcbd4d07843ff591ad74bcd9d3df6
sha512: 50050da020e20b1839ad736014fe20d61f41928637267af88ea102ce25ddedf7b6b7fe8a60a9b6db9b5fd270a9e1623ddcd6a6a474d6648fa343f261145d9faa
ssdeep: 12288:fPBrD5lnyng20l4PpQI1gM6NmXCQWVP3TVjXAHEU/DHfSL:fPB//n8gZ4PpQI1gMoClWJTVaEU/bK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10AF46C10B781C039EDB735F54AAE626C642DBAA14BD455C763C81AFE9B396F03C3025B
sha3_384: aab1d02aca86c487740ee25affedc8c3e3e89eeed20b782054c4645868d1bacf23d81d09bd4829e321e2943899e8bfaa
ep_bytes: 8bec609ce9c7a1090000e8110000005d
timestamp: 2016-06-18 13:07:18

Version Info:

FileDescription: Microsoft System Security
FileVersion: 13.12.14.1
LegalCopyright: Copyright © 2015
OriginalFilename: Microsoft System Security
ProductName: Microsoft System Security
ProductVersion: 14.15.7.5
Translation: 0x0421 0x04b0

Win32/Agent.YMB is also known as:

Bkav: W32.AIDetect.malware1
AVG: Win32:Evo-gen [Trj]
Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.b01bbf
ESET-NOD32: a variant of Win32/Agent.YMB
APEX: Malicious
Kaspersky: VHO:Trojan.Win32.Biodata.gen
Avast: Win32:Evo-gen [Trj]
DrWeb: Trojan.MulDrop20.53796
FireEye: Generic.mg.0e6f93d65eb2cfaa
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: VHO:Trojan.Win32.Biodata.gen
AhnLab-V3: Malware/Win.Generic.R535546
Acronis: suspicious
Malwarebytes: Malware.Heuristic.1001
Rising: Trojan.Generic!8.C3 (TFE:5:fI5t6hlr7cB)
SentinelOne: Static AI – Suspicious PE
BitDefenderTheta: Gen:NN.ZexaF.34796.Wu0@aGkIy9nO
Panda: Trj/GdSda.A

How to remove Win32/Agent.YMB?

Win32/Agent.YMB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
