Should I remove “Win32/Spy.Agent.PQQ”?

Win32/Spy.Agent.PQQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.Agent.PQQ virus do?

  • Network anomalies occurred during the analysis.
  • A process created a hidden window.
  • Unconventional binary language: Chinese (Simplified).
  • Unconventional language used in binary resources: Chinese (Simplified).
  • Uses Windows utilities for basic functionality.
  • Deletes its original binary from disk.
  • Creates a copy of itself.
  • Uses suspicious command line tools or Windows utilities.

How to identify Win32/Spy.Agent.PQQ?


File Info:

crc32: 9F9A25DE
md5: 685f12724639f6ef24cefbc925601828
name: 685F12724639F6EF24CEFBC925601828.mlw
sha1: 72c729464832d9bc0356c0fc09f2622c43e06ae6
sha256: 3a507882d2b50c963b89af8b6f246c31d25f5f4f4f0e94b2b55eaa5fd610bf0a
sha512: a900034165767553375542868941f44c1992157d5f3c043ea4feccf2b5d2699d15697ed94d34d040f5fa4ac5223601615bb4cc4ae3a5bba10e90681d49addcaa
ssdeep: 3072:0wRYQtocSwuFx7t0H9vwsClthKLBtVxe:0lKocSwuFxZ0dYsI+B3Y
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2017
InternalName: Q8.exe
FileVersion: 1.0.0.1
CompanyName: TODO:
ProductName: TODO:
ProductVersion: 1.0.0.1
FileDescription: Windows 服务主程序
OriginalFilename: Q8.exe
Translation: 0x0804 0x04b0

Win32/Spy.Agent.PQQ also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Riskware ( 0040eff71 )
Lionic: Trojan.Multi.Generic.4!c
Cynet: Malicious (score: 99)
ALYac: Trojan.GenericKD.40355893
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.40129
Sangfor: Trojan.Win32.Tinukebot.gen!bit
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Blocker.8f911389
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.24639f
Symantec: Trojan.Tinukebot.B!gm
ESET-NOD32: a variant of Win32/Spy.Agent.PQQ
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.ldne
BitDefender: Trojan.GenericKD.40355893
NANO-Antivirus: Trojan.Win32.Blocker.fhoihu
MicroWorld-eScan: Trojan.GenericKD.40355893
Tencent: Win32.Trojan.Blocker.Woqh
Ad-Aware: Trojan.GenericKD.40355893
Sophos: Mal/Generic-S
Comodo: Malware@#12e020mejhku7
BitDefenderTheta: Gen:NN.ZexaF.34050.iu0@aKmh2Pej
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
FireEye: Trojan.GenericKD.40355893
Emsisoft: Trojan.GenericKD.40355893 (B)
Jiangmin: Trojan.Blocker.ivq
Avira: TR/AD.TinyNuke.tmifd
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.2723DD9
Microsoft: TrojanSpy:Win32/Tinukebot.gen!bit
Arcabit: Trojan.Generic.D267C835
GData: Trojan.GenericKD.40355893
AhnLab-V3: Malware/Win32.Generic.C2684761
McAfee: Artemis!685F12724639
MAX: malware (ai score=86)
VBA32: BScope.TrojanRansom.Blocker
Malwarebytes: Trojan.Downloader
Panda: Trj/GdSda.A
Ikarus: Trojan-Spy.Win32.Tinukebot
Fortinet: W32/Blocker.LDNE!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Backdoor.TinyNuke.HgAASQ4A

How to remove Win32/Spy.Agent.PQQ?

Win32/Spy.Agent.PQQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
