Win64/TrojanDownloader.Agent.NK removal tips

Win64/TrojanDownloader.Agent.NK is ESET's name for a 64-bit downloader trojan; several other vendors classify the same sample as a Farfli backdoor (see the detection list below). The sample analysed here carries version information claiming to be Tencent Video (QQLive.exe), but its Authenticode signature does not validate. While the infection is active you may notice unfamiliar processes in Task Manager. If you do, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; the trial version can run a full scan and clean the PC.
A 6-day free trial is available.

What can Win64/TrojanDownloader.Agent.NK do?

The sandbox run raised these behavioural signatures:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Win64/TrojanDownloader.Agent.NK?

File Info:

name: C398B504F74500D6A1A4.mlw
path: /opt/CAPEv2/storage/binaries/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0
crc32: 3DDDD647
md5: c398b504f74500d6a1a47f72bb45bc83
sha1: 05a33dbc4b239580748570b6d87a680c61102a11
sha256: bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0
sha512: 16423b9ada75061bac4b86d41157ca56aeadabe825e17a4c1499ac2228f12115eef91e1ea9fd96884e079649402743efb00403b801131aa9cf1bf3ec582ac10c
ssdeep: 3072:ewqAWzUGgRMFTiLuFi3QjwXLNKW2Mi37XzKPCBnVBYb6N:DZqou+JK7M2XzW+4
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T112044B42F2DD8DF7E2A35274C8A682319722B81D933683DF3250661A2DB37C44D7E766
sha3_384: 5fe1d9a3d4a649a31c56994cc5ee851cc8aa7d49a381a38bd6e17ab1e60579bd089c8963da68e7b3d3deeb89444b4dc8
ep_bytes: 4883ec28e8574900004883c428e93efd
timestamp: 2021-12-08 08:53:37

Version Info:

CompanyName: Tencent
FileDescription: 腾讯视频 (Tencent Video)
FileVersion: 11.32.2015.0
InternalName: QQLive
LegalCopyright: Copyright (C) 1998 - 2021 Tencent. All Rights Reserved
OriginalFilename: QQLive.exe
ProductName: 腾讯视频 (Tencent Video)
ProductVersion: 11.32.2015.0
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified), code page 0x04b0 = Unicode)
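
As an added triage example (not code from this page or from GridinSoft), the following Python script checks a file on disk against the indicators listed above: it computes the same digests, walks the PE headers by hand to read the entry-point bytes, link timestamp and subsystem, and reports which indicators match. The build_test_pe helper and the stand-in binary it produces are constructed for offline testing and are not the sample; ssdeep and TLSH are left out because they need third-party libraries.

```python
import datetime
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info section above (file(1)-style type string).
PAGE_IOCS = {
    "crc32": "3DDDD647",
    "md5": "c398b504f74500d6a1a47f72bb45bc83",
    "sha1": "05a33dbc4b239580748570b6d87a680c61102a11",
    "sha256": "bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0",
    "ep_bytes": "4883ec28e8574900004883c428e93efd",
    "timestamp": "2021-12-08 08:53:37",
    "type": "PE32+ executable (console) x86-64",
}
PAGE_LINK_TIME = datetime.datetime(2021, 12, 8, 8, 53, 37, tzinfo=datetime.timezone.utc)
MACHINE_NAMES = {0x8664: "x86-64", 0x14C: "Intel 80386"}
SUBSYSTEM_NAMES = {2: "console", 3: "GUI"}


def hash_bytes(data):
    """Same digests the sandbox report lists (crc32 as 8 upper-case hex digits)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def parse_pe(data):
    """Hand-walk the PE headers: type string, link timestamp (UTC), first 16 bytes at
    the entry point, and whether a certificate table is attached (presence only;
    validating Authenticode needs signtool or osslsigncode)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    pe_fmt = {0x20B: "PE32+", 0x10B: "PE32"}.get(magic, "PE?")
    aoep = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directories start at optional-header offset 112 (PE32+) or 96 (PE32);
    # entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is the Authenticode blob.
    dir_base = 112 if magic == 0x20B else 96
    cert_size = struct.unpack_from("<II", data, opt + dir_base + 4 * 8)[1]
    # Map the entry-point RVA to a file offset through the section table.
    sec_tbl = opt + opt_size
    ep_off = None
    for i in range(nsec):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_tbl + 40 * i)
        if va <= aoep < va + max(vsize, rawsize):
            ep_off = rawptr + (aoep - va)
            break
    return {
        "type": "%s executable (%s) %s" % (pe_fmt, SUBSYSTEM_NAMES.get(subsystem, subsystem),
                                          MACHINE_NAMES.get(machine, hex(machine))),
        "timestamp": datetime.datetime.fromtimestamp(tds, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "signed": cert_size != 0,
    }


def triage(data, iocs=PAGE_IOCS):
    """Compare a file's observed properties with the page's indicators."""
    observed = hash_bytes(data)
    observed.update(parse_pe(data))
    matched = sorted(k for k in iocs if observed.get(k) == iocs[k])
    return {"observed": observed, "matched": matched,
            "unmatched": sorted(set(iocs) - set(matched))}


def build_test_pe(ep_bytes, link_time, pe32plus=True):
    """Constructed stand-in for offline testing: a header-only PE with one .text
    section. It is NOT the sample, so only ep_bytes/timestamp/type can match."""
    opt_size, magic, machine = (240, 0x20B, 0x8664) if pe32plus else (224, 0x10B, 0x14C)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, 1, int(link_time.timestamp()), 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                    # IMAGE_SUBSYSTEM_WINDOWS_CUI
    section = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xcc")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: run against the constructed stand-in
        blob = build_test_pe(bytes.fromhex(PAGE_IOCS["ep_bytes"]), PAGE_LINK_TIME)
    result = triage(blob)
    print("matched:  ", ", ".join(result["matched"]) or "none")
    print("unmatched:", ", ".join(result["unmatched"]) or "none")
```

Run it as python triage.py <file> against a suspect file; with no argument it exercises the constructed stand-in, which matches only the entry-point bytes, timestamp and type. A digest match is conclusive; a match on entry-point bytes or link timestamp alone is only a hint, since both are shared by many binaries built with the same toolchain. The signed field only says whether a certificate table is present; the sandbox's verdict that the signature is invalid comes from actual verification, which this script does not perform.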

Win64/TrojanDownloader.Agent.NK also known as:

Lionic: Trojan.Win32.Farfli.m!c
Elastic: malicious (high confidence)
FireEye: Trojan.GenericKD.47601563
CAT-QuickHeal: Trojan.Win32CiR
ALYac: Backdoor.Farfli.gen
Cylance: Unsafe
Zillya: Downloader.Agent.Win64.2182
Sangfor: Trojan.Win64.Agent.NK
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: Backdoor:Win32/Farfli.71c7f46d
K7GW: Riskware ( 00584baa1 )
Cyren: W64/Trojan.NOMS-1819
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.NK
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Farfli.bxmb
BitDefender: Trojan.GenericKD.47601563
MicroWorld-eScan: Trojan.GenericKD.47601563
Avast: Win64:BackdoorX-gen [Trj]
Tencent: Win32.Backdoor.Farfli.Sxxw
Ad-Aware: Trojan.GenericKD.47601563
Emsisoft: Trojan.GenericKD.47601563 (B)
DrWeb: Trojan.DownLoader44.13046
TrendMicro: TROJ_GEN.R06BC0PLB21
McAfee-GW-Edition: BehavesLike.Win64.Dropper.ch
Sophos: Mal/Generic-R + Troj/DwnLd-VD
Ikarus: Trojan-Downloader.Win64.Agent
GData: Trojan.GenericKD.47601563
Jiangmin: Backdoor.Farfli.fpg
Webroot: W32.Trojan.Gen
Antiy-AVL: Trojan/Win64.Generic
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win64.Sabsik.sa
Arcabit: Trojan.Generic.D2D6579B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.C4878985
McAfee: RDN/Generic.grp
MAX: malware (ai score=80)
VBA32: Backdoor.Farfli
Malwarebytes: Trojan.Downloader
TrendMicro-HouseCall: TROJ_GEN.R06BC0PLB21
Rising: Backdoor.Agent!1.DB48 (CLOUD)
Yandex: Backdoor.Farfli!xPpazZLm51U
Fortinet: PossibleThreat.MU
AVG: Win64:BackdoorX-gen [Trj]
Panda: Trj/CI.A

How to remove Win64/TrojanDownloader.Agent.NK?

Win64/TrojanDownloader.Agent.NK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings” (this also undoes the proxy changes the sandbox observed).
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.