Dropped:Backdoor.MSIL.Agent.GD (B) removal

Dropped:Backdoor.MSIL.Agent.GD (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Dropped:Backdoor.MSIL.Agent.GD (B) virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • A process was set to shut the system down when terminated
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • Creates a hidden or system file
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Dropped:Backdoor.MSIL.Agent.GD (B)?


File Info:

crc32: 28846D63
md5: eb740f772ba94f507930dc3692355191
name: EB740F772BA94F507930DC3692355191.mlw
sha1: a42fb04c0efca925b98008aed5f5be10c323a68c
sha256: 66d02c1d5598993e3662aa0584132f79e51a7786bcc2cb51223823320f5f6537
sha512: 92979c8992cb01bbd128c962a5d8b6fe61c81685722cbcfaabb4bdf78e65ba5e59b470debb112f2f305ce582d6135509a8241b1ae9597163ece1970c5ccd7c00
ssdeep: 12288:dLV6BtpmkT+LsUcwzhfLV6BtpmkTuA+eXsaDCUR:1ApfipFhjApfS7d6CUR
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Dropped:Backdoor.MSIL.Agent.GD (B) also known as:

Bkav: W32.AIDetectVM.malware1
K7AntiVirus: Trojan ( 004bdc281 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.20771
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Orbus.C3
ALYac: Dropped:Backdoor.MSIL.Agent.GD
Cylance: Unsafe
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanDropper:Win32/Noancooe.f51aa4eb
K7GW: Trojan ( 004bdc281 )
Cybereason: malicious.72ba94
Baidu: Win32.Trojan-Dropper.Delf.as
Cyren: W32/Trojan.VVWT-8174
Symantec: Trojan.Nancrat
ESET-NOD32: Win32/TrojanDropper.Delf.OEF
APEX: Malicious
TotalDefense: Win32/Fynloski.ZHLKEDD
Avast: MSIL:NanoCore-B [Trj]
ClamAV: Win.Trojan.Nanocore-5
Kaspersky: Trojan-Dropper.Win32.Delf.eimp
BitDefender: Dropped:Backdoor.MSIL.Agent.GD
NANO-Antivirus: Trojan.Win32.Delf.flagce
ViRobot: Trojan.Win32.A.Scar.451584.A
MicroWorld-eScan: Dropped:Backdoor.MSIL.Agent.GD
Tencent: Malware.Win32.Gencirc.10b0cf09
Ad-Aware: Dropped:Backdoor.MSIL.Agent.GD
Sophos: ML/PE-A
Comodo: TrojWare.Win32.TrojanDropper.Delf.SOC@572vwy
F-Secure: Trojan.TR/Dropper.MSIL.Gen7
BitDefenderTheta: AI:Packer.8791DE7B1E
VIPRE: Trojan.MSIL.NanoCore.B (fs)
TrendMicro: TROJ_BINDER.SMBD
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
FireEye: Generic.mg.eb740f772ba94f50
Emsisoft: Dropped:Backdoor.MSIL.Agent.GD (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Genome.bawa
Avira: TR/Dropper.MSIL.Gen7
eGambit: Trojan.Generic
Antiy-AVL: Trojan[Dropper]/Win32.Delf.efnz
Microsoft: Backdoor:MSIL/Noancooe.A
Gridinsoft: Backdoor.Win32.Gen.zv!s1
Arcabit: Backdoor.MSIL.Agent.GD
ZoneAlarm: Trojan-Dropper.Win32.Delf.eimp
GData: Dropped:Backdoor.MSIL.Agent.GD
AhnLab-V3: Trojan/Win32.Ruftar.R30190
Acronis: suspicious
McAfee: GenericRXDR-OQ!EB740F772BA9
MAX: malware (ai score=83)
VBA32: TrojanDropper.Delf
Malwarebytes: Trojan.Agent.DF
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_BINDER.SMBD
Rising: Trojan.Dropper!1.C7FF (CLASSIC)
Yandex: Trojan.GenAsa!mL69tvFKrYE
Ikarus: Backdoor.Rat.Nanocore
MaxSecure: Dropper.Delf.EFNZ
Fortinet: W32/DROPPER.PAG!tr
AVG: MSIL:NanoCore-B [Trj]
Qihoo-360: Win32/Trojan.Dropper.252

How to remove Dropped:Backdoor.MSIL.Agent.GD (B)?

Dropped:Backdoor.MSIL.Agent.GD (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
