Win32/RiskWare.HackTool.Agent.AO removal tips

The Win32/RiskWare.HackTool.Agent.AO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/RiskWare.HackTool.Agent.AO virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Win32/RiskWare.HackTool.Agent.AO?


File Info:
name: 6A98682DC35A0F7E1171.mlw
path: /opt/CAPEv2/storage/binaries/cee148b06e52f692d3a313b97c9742d635958608f572a0ae62b12925a2866be8
crc32: 5AD4167D
md5: 6a98682dc35a0f7e11710ec6666b21e0
sha1: bb8196d1a109f33b3755d2090f0a7a58984c0a44
sha256: cee148b06e52f692d3a313b97c9742d635958608f572a0ae62b12925a2866be8
sha512: 74e91053cad939ba4bf67709f18e9142c9d0df9fdbd6f1307037ec55c7177719427002c40fe7e15a9da3f75eb184587285bbcc4d49a5d14cd528a3c8d6fad8a8
ssdeep: 49152:cHogGsuzVpR8RasiV7nodtegbcrfJ03s38:UxuzVpR8RasenitegbcS3sM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14AA5B012F6C580F6D24A153004AB673AEB759E465F21CBC7A398FF792D32281A73714E
sha3_384: c0d9c0cc48a1de89f402c57789d16e7b4aff4f4b92f92cbb73bdf4a6857aaa52061a6af4e79f3226d0b6165d3b128e88
ep_bytes: 558bec6aff6898f35d0068b42a4a0064
timestamp: 2022-07-14 16:56:28

Version Info:
FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Win32/RiskWare.HackTool.Agent.AO also known as:

Bkav	W32.AIDetect.malware2
tehtris	Generic.Malware
FireEye	Generic.mg.6a98682dc35a0f7e
Cylance	Unsafe
Sangfor	[ARMADILLO V1.71]
K7AntiVirus	Trojan ( 005246d51 )
K7GW	Adware ( 004b87ea1 )
Cybereason	malicious.1a109f
Cyren	W32/A-2521f541!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/RiskWare.HackTool.Agent.AO
APEX	Malicious
ClamAV	Win.Malware.Flystudio-9752414-0
Kaspersky	UDS:Trojan.Win32.Packed.ag
Avast	Win64:Trojan-gen
Tencent	Win32.Trojan.Packed.Wqxc
Sophos	Mal/Generic-S
Comodo	Worm.Win32.Dropper.RA@1qraug
DrWeb	Trojan.MulDrop20.21640
McAfee-GW-Edition	BehavesLike.Win32.Generic.vh
Trapmine	malicious.moderate.ml.score
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.PSE.15MID6N
Jiangmin	Trojan/Generic.babyk
Antiy-AVL	Trojan/Generic.ASCommon.FA
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!6A98682DC35A
VBA32	BScope.Trojan.Downloader
Malwarebytes	PUP.Optional.ChinAd
TrendMicro-HouseCall	TROJ_GEN.R035H0CGH22
Rising	HackTool.Agent!1.B2A6 (CLASSIC)
Ikarus	PUA.FlyStudio
MaxSecure	Dropper.Dinwod.frindll
Fortinet	W32/CoinMiner.65CA!tr
BitDefenderTheta	Gen:NN.ZexaF.34786.ks0@aK0qK8fb
AVG	Win64:Trojan-gen
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Win32/RiskWare.HackTool.Agent.AO?

Win32/RiskWare.HackTool.Agent.AO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X