How to remove “IL:Trojan.MSILZilla.18166”?

The IL:Trojan.MSILZilla.18166 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILZilla.18166 virus can do?

Authenticode signature is invalid
Binary compilation timestomping detected

How to determine IL:Trojan.MSILZilla.18166?


File Info:
name: BCA044D7920800D6C18A.mlw
path: /opt/CAPEv2/storage/binaries/a0156a5aa9daae9d2c856760b948b5097256676a7d919c4f16375aff228fbddb
crc32: 0E4A680B
md5: bca044d7920800d6c18a6ff0c6a79f61
sha1: d4f728213bf82c3f6b82d4dbb999e2f9fe2a2f63
sha256: a0156a5aa9daae9d2c856760b948b5097256676a7d919c4f16375aff228fbddb
sha512: 7d2861948df0954a9ec3b3e3e8d1c4ebd267116fd128fa93b5c07f3f58b0cf2b31d421d2a044efd6b99ce75e458a51415418ad15d3c0303c2e039dcc3c9e122a
ssdeep: 768:Th1IEpKq+8E3jTwEQydUbAc5tuYsxYho:nIEYz3jMmKaYsxmo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194E2C53076941327D12F4CBAC56DB64D4B76A9136409DB9DF8CD33BA4BE2B802642AC3
sha3_384: ddd4dcee5afdf037dd7809e655c3056ae43c97f8d0edf7b02da6226c420c453122275725cb4090662640420592b09c9c
ep_bytes: ff250020400000000000000000000000
timestamp: 2039-05-06 16:27:46

Version Info:
Translation: 0x0000 0x04b0
Comments: update
CompanyName: 
FileDescription: update
FileVersion: 1.819.22.3
InternalName: update.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: update.exe
ProductName: 
ProductVersion: 1.819.22.3
Assembly Version: 1.819.22.3

IL:Trojan.MSILZilla.18166 also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (moderate confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.18166
FireEye	Generic.mg.bca044d7920800d6
ALYac	IL:Trojan.MSILZilla.18166
Malwarebytes	Trojan.Crypt.MSIL.Generic
Sangfor	Backdoor.MSIL.Small.gen
K7AntiVirus	Spyware ( 00591d531 )
Alibaba	Backdoor:MSIL/Generic.e4c02765
K7GW	Spyware ( 00591d531 )
Cybereason	malicious.13bf82
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.DQK
TrendMicro-HouseCall	TROJ_GEN.R002H0CDL22
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.MSIL.Small.gen
BitDefender	IL:Trojan.MSILZilla.18166
Avast	Win32:TrojanX-gen [Trj]
Tencent	Msil.Backdoor.Small.Pitk
Ad-Aware	IL:Trojan.MSILZilla.18166
Emsisoft	IL:Trojan.MSILZilla.18166 (B)
F-Secure	Trojan.TR/Spy.Agent.pxvxr
McAfee-GW-Edition	BehavesLike.Win32.AdwareTskLnk.nm
Sophos	Mal/Generic-S
Avira	TR/Spy.Agent.pxvxr
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	IL:Trojan.MSILZilla.18166
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4773609
McAfee	RDN/Generic BackDoor
MAX	malware (ai score=86)
APEX	Malicious
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/Agent.DQK!tr.spy
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

How to remove IL:Trojan.MSILZilla.18166?

IL:Trojan.MSILZilla.18166 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X