Win32:Agent-AODV [Trj] removal

The Win32:Agent-AODV [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Win32:Agent-AODV [Trj] virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Uses suspicious command line tools or Windows utilities

How to identify Win32:Agent-AODV [Trj]?

File Info:

name: 70500592D5D760BC5E25.mlw
path: /opt/CAPEv2/storage/binaries/8c0bd99361e510cfa29d02ab0456fd53a21fb712d02b7972d5f7cfa6a83e2f10
crc32: 45614411
md5: 70500592d5d760bc5e251efd9487b8cd
sha1: 562b46d1c3c001f7ba256164e80b0d4f737df654
sha256: 8c0bd99361e510cfa29d02ab0456fd53a21fb712d02b7972d5f7cfa6a83e2f10
sha512: 51ff7e26b1b3abbe755d6042f06b6fdec86016a5e91bef25c9a7933227a93e560a059ab520977eeb04e0ea845bdb5021ff3d3334475a88664c883a602fd31ed2
ssdeep: 3072:eeRe6fgPI5lIcuQuDzTf6pv1lQiYXLPxa5x0jY:eeRe4I+J1iBXNan0c
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F1E3BE198A439493E40298B0F79183D91BBC2C3B35DAA02FFF815F4586B15D9A8D1FB7
sha3_384: ab5d76160d59eda6be486f47942317fcfc12a545d21d593415a31685ccfcb5d668affd02975fce9dc982f4f02cb16f83
ep_bytes: 558bec6aff688860400068c051400064
timestamp: 2011-11-08 00:30:51

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 2, 0, 8, 1
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion: 2, 0, 8, 1
SpecialBuild:
Translation: 0x0410 0x04b0

Win32:Agent-AODV [Trj] also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Cripack.Gen.1
FireEye: Generic.mg.70500592d5d760bc
CAT-QuickHeal: Worm.IRCBot.Gen
Malwarebytes: Spyware.Zbot
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004ce5421 )
BitDefender: Trojan.Cripack.Gen.1
K7GW: Trojan ( 004ce5421 )
Cybereason: malicious.2d5d76
BitDefenderTheta: Gen:NN.ZexaF.34182.jq0@aON2nWc
VirIT: Trojan.Win32.Generic.BPOB
Cyren: W32/Agent.MS.gen!Eldorado
Symantec: Packed.Generic.341
ESET-NOD32: Win32/Dorkbot.B
TrendMicro-HouseCall: TROJ_KRYPTK.SMU3
ClamAV: Win.Worm.Dorkbot-16
Kaspersky: Worm.Win32.Ngrbot.hel
NANO-Antivirus: Trojan.Win32.NgrBot.dewzqr
ViRobot: Worm.Win32.A.Ngrbot.147456
Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazqlO0apOIMI3IokmLY2Al9+)
Ad-Aware: Trojan.Cripack.Gen.1
Emsisoft: Trojan.Cripack.Gen.1 (B)
Comodo: Worm.Win32.NgrBot.HHC@4pmhqh
DrWeb: BackDoor.IRC.NgrBot.42
Zillya: Trojan.FakeAV.Win32.154357
TrendMicro: TROJ_KRYPTK.SMU3
SentinelOne: Static AI – Malicious PE
Sophos: ML/PE-A + W32/Dorkbot-AG
APEX: Malicious
Jiangmin: Worm/Ngrbot.agj
Avira: TR/Dropper.Gen
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.1BCDB
Microsoft: Trojan:Win32/DorkBot.DU
SUPERAntiSpyware: Trojan.Agent/Gen-Restlet
ZoneAlarm: Worm.Win32.Ngrbot.hel
GData: Trojan.Cripack.Gen.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Buzus.R15409
VBA32: BScope.Backdoor.Ruskill.1421
TACHYON: Trojan/W32.FakeAV.147456.AG
Cylance: Unsafe
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b70fa4
Yandex: Trojan.GenAsa!pazbWWGWhJA
Ikarus: Trojan.Win32.Jorik
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.AL!tr
AVG: Win32:Agent-AODV [Trj]
Avast: Win32:Agent-AODV [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32:Agent-AODV [Trj]?

Win32:Agent-AODV [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.