Win32/TrojanDownloader.Agent.FZP removal guide

The Win32/TrojanDownloader.Agent.FZP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Agent.FZP virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Unconventionial language used in binary resources: Korean
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Win32/TrojanDownloader.Agent.FZP?


File Info:
name: FB4D02CD6C83EFE34B53.mlw
path: /opt/CAPEv2/storage/binaries/f6a388f618cdde258f953654dddd12282d014dcc97d8b93c52c1504c87922ead
crc32: F63CDC47
md5: fb4d02cd6c83efe34b53ba07cd8e36ee
sha1: c11ff81767f2e67c03f225ad9f0d3e612a65a5b7
sha256: f6a388f618cdde258f953654dddd12282d014dcc97d8b93c52c1504c87922ead
sha512: e2a5fdb04e7b5ee1752a7f0b6747033629cd57d271f26812d8453ec3c415691d0b9b58b36326773ce616186f3021da6e617992c847acf8768a55c54e2841be4d
ssdeep: 192:9X3L2bX3RMOkc5kuCmF6tu/qgMJJ9Vq128LDx:9LhOHCmItkqgMhSJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0322A0FDEAB8022DB9A84704B7B87528B797C513795393B37903E0E2D322C0C89A15E
sha3_384: 25d53f13478238d71ae018e5466136cf690a6c96f9dfbbd9faba8f8d41dbb99018036f8c69e885123e3b7f80b5eae3a1
ep_bytes: e878040000e936fdffff8bff558bec81
timestamp: 2022-01-03 00:46:46

Version Info:
FileVersion: 1, 0, 0, 1
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Win32/TrojanDownloader.Agent.FZP also known as:

Lionic	Trojan.Win32.Witch.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.fb4d02cd6c83efe3
Cylance	Unsafe
K7AntiVirus	Trojan-Downloader ( 0058c41c1 )
Alibaba	TrojanDownloader:Win32/Witch.b5187123
K7GW	Trojan-Downloader ( 0058c41c1 )
Cybereason	malicious.767f2e
BitDefenderTheta	Gen:NN.ZexaCO.34114.aq0@aaHvH3aO
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.FZP
TrendMicro-HouseCall	Mal_DLDER
Kaspersky	HEUR:Trojan.Win32.Witch.gen
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.10cfcc75
Sophos	Mal/Generic-S
DrWeb	Trojan.Siggen16.21430
TrendMicro	Mal_DLDER
McAfee-GW-Edition	GenericRXRH-NU!FB4D02CD6C83
APEX	Malicious
GData	Win32.Trojan.PSE.IQGG6H
Jiangmin	Trojan.Witch.kr
Avira	TR/Dldr.Agent.shebz
Antiy-AVL	Trojan/Generic.ASMalwS.34FB977
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Dlder.R462261
McAfee	GenericRXRH-NU!FB4D02CD6C83
VBA32	suspected of Trojan.Downloader.gen
Malwarebytes	Malware.AI.2456622297
Rising	Downloader.Agent!8.B23 (CLOUD)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Agent.FZP!tr
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32/TrojanDownloader.Agent.FZP?

Win32/TrojanDownloader.Agent.FZP removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X