About “IL:Trojan.MSILZilla.39102” infection

The IL:Trojan.MSILZilla.39102 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILZilla.39102 virus can do?

Authenticode signature is invalid
CAPE detected the XWorm malware family

How to determine IL:Trojan.MSILZilla.39102?


File Info:
name: 7798F3428342402F10AE.mlw
path: /opt/CAPEv2/storage/binaries/7fcf685b4a3e3374bf9a12ec32a553c7c28d0175d41032999000968759d7e0b6
crc32: 6A1A79A3
md5: 7798f3428342402f10ae47203b661133
sha1: 1ed94edc3ac6971d9ca44ef20df9f367f4557bd5
sha256: 7fcf685b4a3e3374bf9a12ec32a553c7c28d0175d41032999000968759d7e0b6
sha512: 4f3aeae435fa783d2bb31d9265e92f5474ce2355dfcc3eb5519786c9312840ae5d61b4abc6e326c0838ee89c1c325f98fc63a17a5a03dd068cac0e4ea99492eb
ssdeep: 768:GH6JRdwqYPNhzIgtoFf9Fy9YwOjhc/dcJ:G+rFY0gtoLFy9YwOji1cJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EF25C4877914722D9FE1FF46EB2A1464274F50BA817F75E0CC589DAAB73BC289003E6
sha3_384: 4999c681fff31ee37d5441550fd867c153e4fd583e0f80419d1fdf09b0bc10f6b8d54f9980206e2516f5eee8d0f3b1c8
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-11-25 20:23:54

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 1.0.0.0
InternalName: ..exe
LegalCopyright:  
OriginalFilename: ..exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILZilla.39102 also known as:

MicroWorld-eScan	IL:Trojan.MSILZilla.39102
ClamAV	Win.Packed.njRAT-10002074-1
CAT-QuickHeal	Trojan.GenericFC.S29960909
Skyhigh	BehavesLike.Win32.Generic.nm
ALYac	IL:Trojan.MSILZilla.39102
Malwarebytes	Backdoor.XWorm.Generic
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 005aa5f01 )
K7AntiVirus	Trojan ( 005aa5f01 )
Arcabit	IL:Trojan.MSILZilla.D98BE
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.DWN
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Backdoor.MSIL.Crysan.gen
BitDefender	IL:Trojan.MSILZilla.39102
Avast	Win32:RATX-gen [Trj]
Emsisoft	IL:Trojan.MSILZilla.39102 (B)
F-Secure	Heuristic.HEUR/AGEN.1365050
DrWeb	BackDoor.Comet.152
VIPRE	IL:Trojan.MSILZilla.39102
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.7798f3428342402f
Sophos	Troj/RAT-FJ
Ikarus	Trojan.MSIL.Injector
Google	Detected
Avira	HEUR/AGEN.1365050
MAX	malware (ai score=86)
Microsoft	Trojan:MSIL/XWorm.C!MTB
ZoneAlarm	VHO:Backdoor.MSIL.Crysan.gen
GData	MSIL.Backdoor.XWormRAT.A
Varist	W32/MSIL_Agent.BUD.gen!Eldorado
AhnLab-V3	Backdoor/Win.AsyncRat.C5366153
McAfee	Trojan-FVYT!7798F3428342
VBA32	Backdoor.MSIL.XWorm.gen
Cylance	unsafe
Rising	Backdoor.XWorm!1.E338 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DWN!tr
BitDefenderTheta	Gen:NN.ZemsilF.36792.cm0@aaThhXe
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.c3ac69
DeepInstinct	MALICIOUS

How to remove IL:Trojan.MSILZilla.39102?

IL:Trojan.MSILZilla.39102 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X