
How to remove “Win64/TrojanDownloader.Agent.CB”?


Win64/TrojanDownloader.Agent.CB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Win64/TrojanDownloader.Agent.CB virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • An HTTP/S link was seen in a script or command line
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • RegSvr32 loaded a DLL related to the squiblydoo application control bypass technique
  • Attempts to modify proxy settings
  • Attempts to bypass application controls using the squiblydoo technique
  • Harvests cookies for information gathering
  • Suspicious wmic.exe use was detected

How to determine Win64/TrojanDownloader.Agent.CB?
File Info:

name: 0EFAD34212AD5CD8F636.mlw
path: /opt/CAPEv2/storage/binaries/c1db2ce909a6fa0c56bb2e4a75da31bda4444cc8b5058d3e6f0392e81600ac2b
crc32: 9A3325B8
md5: 0efad34212ad5cd8f636109121df17aa
sha1: d4657346c5a1e600837580db49b76b556082c1ff
sha256: c1db2ce909a6fa0c56bb2e4a75da31bda4444cc8b5058d3e6f0392e81600ac2b
sha512: 06a9fcbe93ce100343db8ca507ed82a688882f1ceb9740130de52be0d56c0049fa155d0ea86ed0e3a0b1fff682c33d3e1b6c938c547d71387ad8879c245ea7a4
ssdeep: 24:etGSIfDeTMDwqlKSAkEhFhs9PwZ8cZNSSj:69wZ5dEhFhstw1e
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1CA51C0C9733759F1F1681B7F0393DA84A56D36280792572C1B405886A418C6F3835FC6
sha3_384: a3b189bdc58d4124715e037c75b342f14e609a68d85691ecd7be253d3e4f317c6ca52357f449cb636fcd67f671a07a4e
ep_bytes: 4889542410894c24084883ec2833d248
timestamp: 2018-04-21 06:49:59

Version Info:

0: [No Data]

Win64/TrojanDownloader.Agent.CB also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader26.38464
MicroWorld-eScan: Gen:Variant.Cerbu.5663
McAfee: GenericRXFD-SR!0EFAD34212AD
Cylance: Unsafe
Zillya: Downloader.Agent.Win64.410
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan-Downloader ( 0052f9f71 )
Alibaba: TrojanDownloader:Win64/Generic.027b7d44
K7GW: Trojan-Downloader ( 0052f9f71 )
Cybereason: malicious.212ad5
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.CB
TrendMicro-HouseCall: TROJ_GEN.R002C0PH221
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Cerbu.5663
NANO-Antivirus: Trojan.Win64.Mikey.fblnsf
Avast: Win32:JbossMiner-C [Trj]
Tencent: Win64.Trojan-downloader.Agent.Kzy
Ad-Aware: Gen:Variant.Cerbu.5663
Emsisoft: Gen:Variant.Cerbu.5663 (B)
Comodo: Malware@#13u1f2hllmjq0
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PH221
McAfee-GW-Edition: GenericRXFD-SR!0EFAD34212AD
FireEye: Generic.mg.0efad34212ad5cd8
Jiangmin: Trojan.Generic.cceij
Avira: HEUR/AGEN.1108146
MAX: malware (ai score=98)
Microsoft: Trojan:Win32/Occamy.CC1
Arcabit: Trojan.Cerbu.D161F
ViRobot: Trojan.Win32.Z.Mikey.3072.U
GData: Gen:Variant.Cerbu.5663
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win64.Generic.C2470676
VBA32: Trojan.Downloader
ALYac: Gen:Variant.Cerbu.5663
TACHYON: Trojan/W32.APosT.3072
Yandex: Trojan.Agent!I5cP3V4eDe8
Ikarus: Trojan-Downloader.Win64.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Mikey.1A4B!tr
AVG: Win32:JbossMiner-C [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win64/TrojanDownloader.Agent.CB?

Win64/TrojanDownloader.Agent.CB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
