Win32:Sg-F [Trj] removal tips

The Win32:Sg-F [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Sg-F [Trj] virus can do?

Authenticode signature is invalid
Binary file triggered YARA rule
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:Sg-F [Trj]?


File Info:
name: 88665E06929FF31CA017.mlw
path: /opt/CAPEv2/storage/binaries/ee14f866b5292d271304c8d9e9ad8d9396b072cfab2ca41e56026a70d43255ee
crc32: CFC754BB
md5: 88665e06929ff31ca017d5194665de8e
sha1: aae4b2f49ed9fab7577d1dcc56af2064069d68b1
sha256: ee14f866b5292d271304c8d9e9ad8d9396b072cfab2ca41e56026a70d43255ee
sha512: 1182640d884e6b26c4bc3a4166c90f9a350c86c097d8f1225e7d33f72eee7832f146bbc866cb5177b85c4d942a128672f74f39e1627a2032d7ab04a6d7f0d877
ssdeep: 48:iU0tg+McKBQLrhWHR0ciIsiQlP5PMDQHpyuLv6ouh7Bapole5:2M4rw0vI/lXh7BvU5
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1DD81943553C35B71D18C023A7EFF6D9D426CAE19136206CF859A08530C253CA7EB2E16
sha3_384: c988c8488cc8a75a52bde29d691d5d56457223eeedc72cf3da41946fd01c2e59def11c9c99f01c02ebfee23b8da4d9f8
ep_bytes: 558bec518b450c8945fc837dfc017402
timestamp: 2013-07-12 22:53:33

Version Info:
0: [No Data]

Win32:Sg-F [Trj] also known as:

Bkav	W32.FamVT.DebrisA.Worm
AVG	Win32:Sg-F [Trj]
MicroWorld-eScan	Gen:Variant.Jaik.157032
FireEye	Generic.mg.88665e06929ff31c
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	Downloader-FOB!88665E06929F
McAfee	Downloader-FOB!88665E06929F
Cylance	unsafe
Zillya	Worm.BundpilGen.Win32.1
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 0045a1fd1 )
K7AntiVirus	EmailWorm ( 0040f50c1 )
BitDefenderTheta	Gen:NN.ZedlaF.36802.aq4@aiTLCTb
VirIT	Trojan.Win32.Generic.BCQO
Symantec	W32.Dromedan
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Bundpil.CK
Cynet	Malicious (score: 100)
APEX	Malicious
Avast	Win32:Sg-F [Trj]
ClamAV	Win.Worm.Gamarue-6803704-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Jaik.157032
NANO-Antivirus	Trojan.Win32.Andromeda.cqkyah
Tencent	Worm.Win32.Debris.b
Emsisoft	Gen:Variant.Jaik.157032 (B)
Baidu	Win32.Worm.Agent.q
F-Secure	Worm.WORM/Gamarue.409654
DrWeb	BackDoor.Andromeda.178
VIPRE	Gen:Variant.Jaik.157032
TrendMicro	WORM_GAMARUE.SMF
Trapmine	malicious.moderate.ml.score
Sophos	W32/Gamarue-BJ
Jiangmin	Trojan/Generic.ayraq
Webroot	W32.Trojan.Gen
Varist	W32/Csyr.C.gen!Eldorado
Avira	WORM/Gamarue.409654
MAX	malware (ai score=88)
Antiy-AVL	Worm/Win32.Debris
Kingsoft	malware.kb.a.999
Microsoft	Worm:Win32/Gamarue.AB
Xcitium	Worm.Win32.Bundpil.BL@4zjaeb
Arcabit	Trojan.Jaik.D26568
ViRobot	Trojan.Win32.Agent.Gen.D
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Jaik.157032
Google	Detected
AhnLab-V3	Trojan/Win32.Agent.R74794
Acronis	suspicious
ALYac	Gen:Variant.Jaik.157032
TACHYON	Trojan/W32.Agent.4096.MY
VBA32	Worm.Debris
Malwarebytes	Bundpil.Worm.AutoRun.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	WORM_GAMARUE.SMF
Rising	Worm.Gamarue!1.9CC6 (CLASSIC)
Ikarus	Worm.Win32.Gamarue
MaxSecure	Worm.Debris.Gen
Fortinet	W32/Bundpil.AA!tr
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Gamarue.0cffbc56

How to remove Win32:Sg-F [Trj]?

Win32:Sg-F [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X