avgnt.exe

AntiVir Workstation

Avira GmbH

The executable avgnt.exe, “Antivirus System Tray Tool”, has been detected as malware by 13 anti-virus scanners. It is set to execute automatically when any user logs in to Windows (through the local user run registry setting) with the name ‘avgnt’.
Publisher:
Avira GmbH

Product:
AntiVir Workstation

Description:
Antivirus System Tray Tool

Version:
8.00.70.02

MD5:
3489f142a87de9ab168e2679d8116a59

SHA-1:
4df481d1c9d0f2a7e0ef3d4f7780f3f3bc604f97

SHA-256:
a4c63e6ac95bd62060726afc484c8cda5236e02ae7a675644987bd1b15f5e0d1

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/20/2024 1:32:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 5813571 |
| avast! | Win32:Vitro | 160201-0 |
| AVG | Win32/Virut | 2015.0.4522 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 10.0.0.5366 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| F-Secure | Win32.Virtob.Gen.12 | 5.15.21 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.562 |
| McAfee | Virus.W32/Virut.n.gen | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5087.0 |
| Norman | Win32.Virtob.Gen.12 | 11.01.2016 17:30:26 |
| Sophos | Virus 'W32/Scribble-B' | 5.23 |
| VIPRE Antivirus | Threat.4737366 | 46826 |

File size:
288 KB (294,912 bytes)

Product version:
8.00.70.02

Copyright:
Copyright © 2008 Avira GmbH. All rights reserved.

Trademarks:
AntiVir® is a registered trademark of Avira GmbH, Germany.

Original file name:
avgnt.exe

File type:
Executable application (Win32 EXE)

Language:
Indonesian (Indonesia)

Common path:
C:\Program Files\avira\antivir personaledition premium\avgnt.exe

File PE Metadata
Compilation timestamp:
9/3/2008 3:15:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:6y+BX/Xbs+4nURs4kV3ltuH9V83xHTUxwqJsH7eLTOUkcJWjEgtsUJ7I+agQzlvj:6y+BX/Njo3ltuHLgxoxwqXFEBagQzlV

Entry address:
0x477D7

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 6F, FE, FF, FF, 4B, 66, 4B, 75, FC, F6, D6, F7, D2, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, 40, 47, B0, BF, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, 87, C9, 92, 46, 68, 04, 7F, 91, BD, E8, 2C, FF, FF, FF, 89, 74, 24, 44, E8, BF, 00, 00, 00, EB, 03, 80, DF, 14, 89, 44, 24, 34, 83, E8, 04, 72, 49, 0C, 00, F7, D6, 64, A1, 18, 00, 00, 00, 85, C0, 78, 0C, 8A, D7...
 

Code size:
140 KB (143,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
avgnt

Command:
"C:\Program Files\avira\antivir personaledition premium\avgnt.exe" \min

