Win32/PSW.Agent.OHG removal instruction

Win32/PSW.Agent.OHG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Win32/PSW.Agent.OHG virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Steals private information from local Internet browsers
  • Attempts to modify proxy settings

How to identify Win32/PSW.Agent.OHG?


File Info:

crc32: 1E14B982
md5: 529d993c4e6f5bc22ac98160f116277e
name: adasf.exe
sha1: 9c5980d80bcbd60158637c708015744dfc9f072c
sha256: 09d0890a500d3840c71451ca07f120bbce4fb6eaf293cb805dcc5ecde0c4403c
sha512: e68d47f3c68258cd4c80cc79c24602be217e1736ded4cfb5fe3f888e8b5b83afacbd53f5f04e7d91b3c0d94729343106fb0653eec52d0197d5e5e67e07a3f3c3
ssdeep: 49152:QYKqIfmkYjh+bnfFXRr8dK/p7yO2xscTUYKpk:stfmzQXRr3h+bxscgYN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/PSW.Agent.OHG also known as:

MicroWorld-eScan     Gen:Variant.Ursu.689085
FireEye              Generic.mg.529d993c4e6f5bc2
ALYac                Gen:Variant.Ursu.689085
BitDefender          Gen:Variant.Ursu.689085
Cybereason           malicious.c4e6f5
BitDefenderTheta     Gen:NN.ZexaF.32515.TDX@amSaT2mj
Symantec             ML.Attribute.HighConfidence
GData                Gen:Variant.Ursu.689085
Rising               Spyware.Agent!8.C6 (TFE:6:X6JxOzJYTlF)
Ad-Aware             Gen:Variant.Ursu.689085
DrWeb                Trojan.PWS.Stealer.27089
Invincea             heuristic
McAfee-GW-Edition    BehavesLike.Win32.Dropper.tc
SentinelOne          DFI – Suspicious PE
Emsisoft             Gen:Variant.Ursu.689085 (B)
APEX                 Malicious
Endgame              malicious (high confidence)
Microsoft            Trojan:Win32/Wacatac.B!ml
Acronis              suspicious
MAX                  malware (ai score=82)
VBA32                BScope.Adware.MSIL.iBryte
ESET-NOD32           a variant of Win32/PSW.Agent.OHG
Ikarus               Trojan-PSW.Agent
CrowdStrike          win/malicious_confidence_100% (D)
Qihoo-360            HEUR/QVM20.1.75FB.Malware.Gen

How to remove Win32/PSW.Agent.OHG?

Win32/PSW.Agent.OHG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
