Worm

How to remove “Worm:Win32/Agent.W”?

Malware Removal

The Worm:Win32/Agent.W is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Worm:Win32/Agent.W virus can do?

  • Unconventionial language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Worm:Win32/Agent.W?


File Info:

name: 3B2888E0AE15F4BF336D.mlw
path: /opt/CAPEv2/storage/binaries/aac9d626e67db11a8532913cf5f4f10237386c81460210bd84b7e0709109ef5b
crc32: 9B67585D
md5: 3b2888e0ae15f4bf336d0d39ca0c823a
sha1: fec5e2fe47ae8e56c67533ea0123289ee099aaa9
sha256: aac9d626e67db11a8532913cf5f4f10237386c81460210bd84b7e0709109ef5b
sha512: c084a724270d72aeb54f3aa9fdef9e1ad15600b3a9e1d30ede1a600de509a59f65ff7c5c0e97660752a130389e55ca505d7d3a9578322a82f5919df500ef83cb
ssdeep: 384:nFR1cgvxrqLwDsZ9qdcTrVTmt/ArfAKBqzaLUGLGh03C6:n+UZ5DdyTrwtWsGAoGi7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T175821891E6880AD9C29D06FC8EF2F6708871F423821E825777E89DCFA05E190C9DE9D5
sha3_384: b11de4f2487fdb5b4a45cb5e58ea8157b2fb64599aa01dd6d00e52eeb720f4b5697788aadf027e842efba00fce0280a0
ep_bytes: 5589e531c031c9fce816000000ac30d0
timestamp: 2008-06-17 22:58:16

Version Info:

0: [No Data]

Worm:Win32/Agent.W also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGeneric.mg.3b2888e0ae15f4bf
McAfeeGenericRXCD-HW!3B2888E0AE15
CylanceUnsafe
VIPREGen:Trojan.Heur.byW@Y!4BHJgc
SangforTrojan.Win32.Save.a
Cybereasonmalicious.0ae15f
CyrenW32/Lover.B.gen!Eldorado
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Lover.B
APEXMalicious
ClamAVWin.Worm.Lover-9776445-0
KasperskyEmail-Worm.Win32.Lover.a
BitDefenderGen:Trojan.Heur.byW@Y!4BHJgc
MicroWorld-eScanGen:Trojan.Heur.byW@Y!4BHJgc
AvastWin32:MalwareX-gen [Trj]
Ad-AwareGen:Trojan.Heur.byW@Y!4BHJgc
EmsisoftGen:Trojan.Heur.byW@Y!4BHJgc (B)
F-SecureHeuristic.HEUR/Malware
DrWebWin32.HLLM.Siggen.3983
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.lh
Trapminemalicious.high.ml.score
SophosML/PE-A
SentinelOneStatic AI – Malicious PE
GDataGen:Trojan.Heur.byW@Y!4BHJgc
JiangminWorm/Lover.a
AviraHEUR/Malware
ArcabitTrojan.Heur.E894FD
ZoneAlarmEmail-Worm.Win32.Lover.a
MicrosoftWorm:Win32/Agent.W
GoogleDetected
AhnLab-V3Trojan/Win32.Xema.C37059
Acronissuspicious
VBA32BScope.Trojan.MulDrop
ALYacGen:Trojan.Heur.byW@Y!4BHJgc
MAXmalware (ai score=81)
MalwarebytesMalware.AI.3390266454
RisingWorm.Lover!8.A6BE (TFE:2:6cttNuhVX6P)
YandexTrojan.GenAsa!zcehVw4vfxY
IkarusEmail-Worm.Win32.Lover.a
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Lover.A!tr
BitDefenderThetaAI:Packer.6C843A3A1C
AVGWin32:MalwareX-gen [Trj]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Worm:Win32/Agent.W?

Worm:Win32/Agent.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment