WinGo/Agent.BS removal guide

WinGo/Agent.BS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the WinGo/Agent.BS virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify WinGo/Agent.BS?


File Info:

name: 94DA3EBABD0670FB3038.mlw
path: /opt/CAPEv2/storage/binaries/70ee5b162f1fb88fbeea06e32148db7a495a8f45724b82389f3839e082cfc607
crc32: CF32664F
md5: 94da3ebabd0670fb30382ed872ec22ec
sha1: 96a70ae1596523bdce2abe30b0d950a5855d8698
sha256: 70ee5b162f1fb88fbeea06e32148db7a495a8f45724b82389f3839e082cfc607
sha512: 512a84483c88c6988bd4e1981375227b63480a74ea264345a07e7277c2122c13b7ba86cb79ff397148466ada934c4c58549f2ce37c222a08edbdb5c4a40b0d79
ssdeep: 24576:43fNEqbyAPedAHG81IY3r0/eZJG4ry2G75Q:4lEC2qHG8+YbJZU4rZG75
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T193A52916FCE618FAC17EF13085629362BA3174A403317BD31F9499BA1A66FE46E3D305
sha3_384: a8b590c3a4235901f5cf3fa2e247febe31bbdda3eb531eff2004de8c9670b3a61c260dd9defd99dbbfe0a4e77d6e3b6e
ep_bytes: e95bc9ffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

WinGo/Agent.BS also known as:

McAfee: Artemis!94DA3EBABD06
Cylance: Unsafe
Sangfor: Suspicious.Win32.Artemis.94DA3EBABD06
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of WinGo/Agent.BS
Avast: FileRepMalware
McAfee-GW-Edition: Artemis!Trojan
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
Gridinsoft: Ransom.Win64.Wacatac.sa
Microsoft: Program:Win32/Uwamson.A!ml
Cynet: Malicious (score: 100)
Malwarebytes: Trojan.Agent
Ikarus: Trojan.WinGo.Agent
Fortinet: W32/Agent.BS!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove WinGo/Agent.BS?

WinGo/Agent.BS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
