K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
---|---|---|---|
Trojan ( 005c7dfe1 ) | Windows | Low | 12.239.55901 |

Property | Value |
---|---|
MD5 | af6687394c74192372289ab0a204fed8 |
SHA256 | d040d98f78eb5e97a7c7664a2b75ec5fe922fe25e78413d4d46a04c0ab216993 |
File Size | 18,432 bytes |
Packer Information | N/A |
First Seen | 29-05-2025 |
Last Seen | 04-06-2025 |
Aliases | MSIL/Agent_AGen.CWR |

Behavior Details

1. Creates Registry:

Adds registry data: 0
Under the key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\AutoBackupLogFiles

Adds registry data: C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
Under the key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\System Diagnostics Host\EventMessageFile

Removal Instructions

1. Update your copy of K7 Security to the latest version.
2. Open the Windows registry editor.
3. Delete the registry data: 0
Under the key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\AutoBackupLogFiles
4. Delete the registry data: C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
Under the key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\System Diagnostics Host\EventMessageFile
5. Close the Windows registry editor.
6. Restart the machine.