What is “Win32/Agent_AGen.BUS”?

The Win32/Agent_AGen.BUS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Agent_AGen.BUS virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/Agent_AGen.BUS?


File Info:
name: 24B69FAC38BF0B00143A.mlw
path: /opt/CAPEv2/storage/binaries/7753fe8dd14a9d676a0c30e72adeffdd2f8925bab08da9f1ccb594e434888478
crc32: 84596DCC
md5: 24b69fac38bf0b00143ab70713ea67f4
sha1: 85966320c26bbf0f926f62e7eb6c1223644ddeda
sha256: 7753fe8dd14a9d676a0c30e72adeffdd2f8925bab08da9f1ccb594e434888478
sha512: e70c114f7586800f2b8da80fd3a42e144297e83c5115cae500bd4536d70756312388ab3ecac92db139c8d63a70a01bbcd4a1a11cb5c33ebb1971368e728fb3c7
ssdeep: 192:6nzasS+7S+PA6xMUMOHzhQWt2/1LR8hiBorfLDQOXK0:ozaUu96xMUMOTW5NLuhBDLDQwB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T183333C53A2DC6EFBC5D307707AF0422388B17458097E8A51A78C575FEEDAA8106393B2
sha3_384: 7e8413cf0550a67d538cb18f7aa334ca7727af5a725aa89a13e3aff545905bd3c59f67b91a3ef83078415f33eb4e2368
ep_bytes: f87304936eb8b760eb07263effcd9e2e
timestamp: 2023-07-28 10:00:00

Version Info:
FileDescription: Windows Initialization
OriginalFilename: wininit.exe
Translation: 0xffff 0x0000

Win32/Agent_AGen.BUS also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
McAfee	Artemis!24B69FAC38BF
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.0c26bb
BitDefenderTheta	Gen:NN.ZexaF.36348.dq0@a8MScYi
Cyren	W32/Backdoor.J.gen!Eldorado
Symantec	Packed.Generic.114
ESET-NOD32	a variant of Win32/Agent_AGen.BUS
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan.Win32.Convagent.gen
NANO-Antivirus	Virus.Win32.Agent.dvixmz
Avast	Win32:TrojanX-gen [Trj]
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfee-GW-Edition	BehavesLike.Win32.BadFile.qz
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.24b69fac38bf0b00
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Agent.3RSSZU
Avira	TR/Crypt.XPACK.Gen
ZoneAlarm	VHO:Trojan.Win32.Convagent.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5464323
Cylance	unsafe
Rising	Packer.Win32.Agent.g (CLASSIC)
Yandex	Trojan.Peed.Gen!Pac
Ikarus	Trojan-GameThief.Win32.Nilage
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.BELF!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Win32/Agent_AGen.BUS?

Win32/Agent_AGen.BUS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X