
Win32:Agent-ASJO [Trj] removal tips


Win32:Agent-ASJO [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32:Agent-ASJO [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location

How to identify Win32:Agent-ASJO [Trj]?


File Info:

name: 8ACF00B5B340833CAFFB.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-11-05 19:33:21

Version Info:

CompanyName:
FileDescription: BitBtn MFC Application
FileVersion: 1, 0, 0, 1
InternalName: BitBtn
LegalCopyright: Copyright (C) 2002
LegalTrademarks:
OriginalFilename: BitBtn.EXE
ProductName: BitBtn Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Win32:Agent-ASJO [Trj] also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Xtrat.4!c
DrWeb: Trojan.DownLoader10.40762
MicroWorld-eScan: Trojan.GenericKDV.1384479
FireEye: Generic.mg.8acf00b5b340833c
CAT-QuickHeal: TrojanPWS.Zbot.A9
McAfee: Generic.ru
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Remtasu.Z
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Xtrat.87a44c20
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.5b3408
BitDefenderTheta: Gen:NN.ZexaF.34212.Dq1@aSDGc9di
VirIT: Trojan.Win32.Generic.IOP
Cyren: W32/Trojan.WISM-3068
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Remtasu.Z
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Xtrat.eky
BitDefender: Trojan.GenericKDV.1384479
NANO-Antivirus: Trojan.Win32.Xtrat.ebauuo
Avast: Win32:Agent-ASJO [Trj]
Tencent: Win32.Trojan.Xtrat.Edyd
Ad-Aware: Trojan.GenericKDV.1384479
Sophos: Mal/Generic-R + Troj/Xtrat-L
Comodo: TrojWare.Win32.Injector.AOPO@542hyx
Zillya: Trojan.Xtrat.Win32.828
TrendMicro: TROJ_XTRAT.V
McAfee-GW-Edition: Generic.ru
Emsisoft: Trojan.GenericKDV.1384479 (B)
Ikarus: Trojan.Win32.Xtrat
GData: Win32.Trojan.Agent.JV1QZ9
Jiangmin: Trojan.Generic.dxeau
Webroot: W32.Trojan.Gen
Avira: TR/Virtool.DelfInject.681
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Tgenic
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Arcabit: Trojan.GenericV.D15201F
ZoneAlarm: Trojan.Win32.Xtrat.eky
Microsoft: VirTool:Win32/DelfInject
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R88682
Acronis: suspicious
VBA32: BScope.Trojan.Xtrat
ALYac: Trojan.GenericKDV.1384479
TACHYON: Trojan/W32.Xtrat.482408
TrendMicro-HouseCall: TROJ_XTRAT.V
Rising: Trojan.Win32.Xtrat.g (CLASSIC)
Yandex: Trojan.GenAsa!AV5e9Pl5BSI
Fortinet: W32/Xtrat.EKY!tr
AVG: Win32:Agent-ASJO [Trj]
Panda: Trj/WLT.A
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32:Agent-ASJO [Trj]?

Win32:Agent-ASJO [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
