Spy

Win32/Spy.Agent.OFS removal tips

Malware Removal

The Win32/Spy.Agent.OFS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Win32/Spy.Agent.OFS virus can do?

  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

zeng.skypetm.com.tw

How to determine Win32/Spy.Agent.OFS?


File Info:

crc32: E99316C0
md5: c0656b66b9f4180e59e1fd2f9f1a85f2
name: C0656B66B9F4180E59E1FD2F9F1A85F2.mlw
sha1: 6ff86a68e08d3a715e6e4b421eb5d6d8938cf4df
sha256: 152109806af8d2bbf9e945b81fbdf49d7168dcff1b4d454ec65a42c87ebd60ac
sha512: f9c62de258b0692fb49081177aa007fd78c81d1ae908c0cabb218d9feac2628274462735766d89642bf83bf1841ecf2034cb13f9d84ad00b1e2d18ffaa508006
ssdeep: 384:BM/DLTwMs0FjFOcvCyyYjfkaDllWUburdtR9:BM/D4Msi8cvCr4bGh
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Spy.Agent.OFS also known as:

BkavW32.AIDetect.malware2
K7AntiVirusSpyware ( 005216c81 )
LionicTrojan.Win32.Blocker.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Winlock.13979
ALYacGen:Variant.Kazy.269574
ZillyaTrojan.Blocker.Win32.28211
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaRansom:Win32/Blocker.7ffd7851
K7GWSpyware ( 005216c81 )
Cybereasonmalicious.6b9f41
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Spy.Agent.OFS
APEXMalicious
AvastWin32:Malware-gen
CynetMalicious (score: 100)
KasperskyTrojan-Ransom.Win32.Blocker.pax
BitDefenderGen:Variant.Kazy.269574
NANO-AntivirusTrojan.Win32.Blocker.cwxrtd
MicroWorld-eScanGen:Variant.Kazy.269574
TencentWin32.Trojan.Blocker.Svqr
Ad-AwareGen:Variant.Kazy.269574
SophosMal/Generic-R + Troj/Ransom-ACC
ComodoMalware@#octjot9srf4r
BitDefenderThetaAI:Packer.03A5718E1E
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_FAKEAV.ZZXX
McAfee-GW-EditionGenericRXCE-TG!C0656B66B9F4
FireEyeGeneric.mg.c0656b66b9f4180e
EmsisoftGen:Variant.Kazy.269574 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan/Blocker.lxs
AviraTR/Downloader.Gen
eGambitUnsafe.AI_Score_73%
Antiy-AVLTrojan/Generic.ASMalwS.435115
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftTrojan:Win32/Rimod!rfn
ArcabitTrojan.Kazy.D41D06
GDataGen:Variant.Kazy.269574
AhnLab-V3Trojan/Win32.Blocker.C220089
Acronissuspicious
McAfeeGenericRXCE-TG!C0656B66B9F4
MAXmalware (ai score=100)
VBA32Hoax.Blocker
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_FAKEAV.ZZXX
RisingTrojan.Generic@ML.92 (RDML:fdjg6euEyGzO8o8eL985qQ)
YandexTrojan.GenAsa!TgeIqm40JTg
IkarusTrojan.Rerol
FortinetW32/Blocker.PAX!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove Win32/Spy.Agent.OFS?

Win32/Spy.Agent.OFS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment