About “Win32/TrojanDropper.Agent.QEG” infection

The Win32/TrojanDropper.Agent.QEG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDropper.Agent.QEG virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Win32/TrojanDropper.Agent.QEG?


File Info:
name: 29E6EC436FDD25D454C5.mlw
path: /opt/CAPEv2/storage/binaries/c3d87a779e29b57fda8a6497057a22ab3650925d44608d317f53b4cc9b7dcaca
crc32: C47EA095
md5: 29e6ec436fdd25d454c56de309b84ea0
sha1: 610c0ccc4e77574a97a91876865f1fbfd02d5ace
sha256: c3d87a779e29b57fda8a6497057a22ab3650925d44608d317f53b4cc9b7dcaca
sha512: 7491413d27dc7ea51195ec0abc484f14fa864e8e000c73e30d8bedd796110539e26ea980b7db02c8075bddf767ff656b096f347085ae0ebb66f0f5275ed3be91
ssdeep: 3072:JA1NfMCAfMOu450QI1VAJzeLUmFL+02cc+KrXoXNhvWyL:GPAfMOuxQgVAJqLC/vxLmNpWg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T162043B1A3EE944B3E2BB863098E10673A575BC612F518DCB0786735D4D376C2B931A3E
sha3_384: b4aaa516a3168eba2e8897d34e93b7507b7cd3a653ddee91d6375298bda5ba989a0855985e93bc6f4d576439062de152
ep_bytes: 81ec2c050000b98200000033c0535657
timestamp: 2011-11-10 09:49:09

Version Info:
CompanyName: 
FileDescription: barconn Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: barconn
LegalCopyright: 版权所有 (C) 2012
LegalTrademarks: 
OriginalFilename: barconn.EXE
ProductName: barconn 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Win32/TrojanDropper.Agent.QEG also known as:

DrWeb	Trojan.MulDrop4.50492
MicroWorld-eScan	Gen:Variant.Graftor.Elzob.18537
FireEye	Generic.mg.29e6ec436fdd25d4
ALYac	Gen:Variant.Graftor.Elzob.18537
Cylance	Unsafe
Sangfor	[ARMADILLO V1.71]
K7AntiVirus	Trojan ( 0040f8091 )
Alibaba	TrojanDropper:Win32/Graftor.f245e45a
K7GW	Trojan ( 0040f8091 )
Cybereason	malicious.36fdd2
BitDefenderTheta	Gen:NN.ZexaF.34606.kq3@aamCybpb
VirIT	Trojan.Win32.Generic.BAPT
Cyren	W32/Koutodoor.J.gen!Eldorado
Symantec	Trojan.ADH
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.QEG
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Graftor.Elzob.18537
NANO-Antivirus	Trojan.Win32.Agent.cqobfq
Avast	Win32:Dropper-gen [Drp]
Tencent	Trojan.Win32.TinyDropper.ac
Ad-Aware	Gen:Variant.Graftor.Elzob.18537
Emsisoft	Gen:Variant.Graftor.Elzob.18537 (B)
Comodo	TrojWare.Win32.Dropper.FEWS@4yt89b
Baidu	Win32.Trojan-Dropper.Agent.r
McAfee-GW-Edition	GenericRXJE-RF!29E6EC436FDD
Sophos	Mal/Generic-R
Ikarus	Trojan-Dropper.Win32.Agent
GData	Gen:Variant.Graftor.Elzob.18537
Jiangmin	Trojan/Siscos.btg
Avira	ADWARE/Taranis.2781
Antiy-AVL	Trojan/Generic.ASMalwS.13C39F
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	GenericRXJE-RF!29E6EC436FDD
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Download
Rising	Dropper.Agent!8.2F (CLOUD)
Yandex	Trojan.GenAsa!8VD2E0M6XsY
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Generic.AC.2113910
AVG	Win32:Dropper-gen [Drp]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Win32/TrojanDropper.Agent.QEG?

Win32/TrojanDropper.Agent.QEG removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X