IL:Trojan.MSILZilla.6508 removal guide

The IL:Trojan.MSILZilla.6508 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What IL:Trojan.MSILZilla.6508 virus can do?

Executable code extraction
Creates RWX memory
Drops a binary and executes it
Network activity detected but not expressed in API logs
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine IL:Trojan.MSILZilla.6508?


File Info:
crc32: 53248AA7
md5: 710638ad437a2ea199dac48a6cd3669c
name: 710638AD437A2EA199DAC48A6CD3669C.mlw
sha1: 459f007de4d538afc440892a3f26f4ed36c91570
sha256: 37f92af2352645fe9be9bd00bdf610d760c3ba229a07b1bd0484651933032928
sha512: 4cfc2792a12a104be1a4f228d883b748aabba29995543eb55980b137647c83bc0df66ee92ad981395c0753cba40e0f01d263f61a07684272098f772e9a2b0ea4
ssdeep: 3072:IurlxKcLBZde2vBVQF4EWjFRA229YvepcCBKX7pV:TrlzbdeAVQF4EWx92iepcCBKr
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: vNOyDtV6Jhq3Ovyv8MrS2fK7hYn0tu
Assembly Version: 0.5.8.3
InternalName: assemblychange.exe
FileVersion: 3.7.0.8
CompanyName: kf4pGGkX0dfZVuNk9ue52LQ8od51lS
LegalTrademarks: GSIQHUAzM3kepDlVfuSiwMVAxmx4zf
Comments: JBrtUpdMkpHaUCmuded6c9aunEOi5y
ProductName: PMb84oE3B0o2gvBM754j2QftGNRssz
ProductVersion: 3.7.0.8
FileDescription: uBHuErmeu1MUP2NOpD7Mh2cXwgTR0y
OriginalFilename: assemblychange.exe

IL:Trojan.MSILZilla.6508 also known as:

K7AntiVirus	Trojan ( 700000121 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader9.27474
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Bladabindi.AL3
ALYac	IL:Trojan.MSILZilla.6508
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 700000121 )
Cybereason	malicious.d437a2
Cyren	W32/MSIL_Mintluks.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.AT
Zoner	Trojan.Win32.85324
APEX	Malicious
Avast	MSIL:KillAV-B [Trj]
ClamAV	Win.Dropper.njRAT-7400469-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.6508
NANO-Antivirus	Trojan.Win32.MlwGen.dckdxu
MicroWorld-eScan	IL:Trojan.MSILZilla.6508
Ad-Aware	IL:Trojan.MSILZilla.6508
Sophos	ML/PE-A + Mal/Bladabi-P
Comodo	TrojWare.MSIL.Bladabindi.W@8alt75
BitDefenderTheta	Gen:NN.ZemsilF.34266.lm0@aCzXP2
TrendMicro	BKDR_BLADABI.SMF
McAfee-GW-Edition	PWS-FDEC!710638AD437A
FireEye	Generic.mg.710638ad437a2ea1
Emsisoft	IL:Trojan.MSILZilla.6508 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Generic.aztew
Avira	TR/ATRAPS.Gen
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.831312
Microsoft	PWS:MSIL/Mintluks.A
Arcabit	IL:Trojan.MSILZilla.D196C
GData	MSIL.Backdoor.Motnav.A
AhnLab-V3	Trojan/Win32.Generic.C263497
McAfee	PWS-FDEC!710638AD437A
MAX	malware (ai score=87)
VBA32	Trojan.Downloader
Malwarebytes	HackTool.Agent.ACGen
Panda	Generic Malware
TrendMicro-HouseCall	BKDR_BLADABI.SMF
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Yandex	Trojan.Agent!mYCeBpNVFBg
Ikarus	Worm.MSIL.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/SpyPSW.AVQ!tr
AVG	MSIL:KillAV-B [Trj]
Paloalto	generic.ml

How to remove IL:Trojan.MSILZilla.6508?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

IL:Trojan.MSILZilla.6508 removal guide