MSIL/Agent.DWN removal tips

The MSIL/Agent.DWN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Agent.DWN virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine MSIL/Agent.DWN?


File Info:
name: DB45FC6AFB908EDB4D5F.mlw
path: /opt/CAPEv2/storage/binaries/a372f75360e259d17c1607138063d126b30551cfc74e40e509888ad32abeefee
crc32: 6C2E5896
md5: db45fc6afb908edb4d5f313a4150a285
sha1: bd3d4108de138719c0d95260d9c8d8c63dac50cb
sha256: a372f75360e259d17c1607138063d126b30551cfc74e40e509888ad32abeefee
sha512: c66cc73760602491f974b79fd552333cb120fcc4d46506da412a274284a2324e4dddfa18ac6f775d5fd8e6bb4c986916bbc0b6629562f499d19500a18c002cb2
ssdeep: 1536:9FBodJM3RfD+yBX4zBSLrUoUt6k4I5xsoxLaS+:9/oDOxjX4z4v9Ut6k+oxGS+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1877307877BE58861CE5DEBB408870585256043937B42EAAD2CD4447E0E877FBB90D8FB
sha3_384: c3cb835ce59cdba9fe5898778ab5ff86cc739f8d4e20db45df87b6735a8c4bf4595e28570b6c6e6adaedf6212f16727f
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-28 21:51:51

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 1.0.0.0
InternalName: XWormClient.exe
LegalCopyright:  
OriginalFilename: XWormClient.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.DWN also known as:

Bkav	W32.AIDetectNet.01
FireEye	Generic.mg.db45fc6afb908edb
Cylance	Unsafe
Sangfor	Virus.Win32.Save.a
K7AntiVirus	Trojan ( 00592e8b1 )
K7GW	Trojan ( 00592e8b1 )
Cybereason	malicious.8de138
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.DWN
APEX	Malicious
Kaspersky	UDS:Trojan.Win32.GenericML.xnet
Avast	Win32:MalwareX-gen [Trj]
McAfee-GW-Edition	BehavesLike.Win32.Generic.lm
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
Ikarus	Trojan.MSIL.Agent
GData	Win32.Trojan.Agent.A7JWHH
Avira	HEUR/AGEN.1222085
ZoneAlarm	UDS:Trojan.Win32.GenericML.xnet
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	RDN/Real Protect-LS
VBA32	Malware-Cryptor.MSIL.AgentTesla.Heur
TrendMicro-HouseCall	TROJ_GEN.R014H0AGS22
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:HML9gaaUeadthj5Hrb9aPg)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DWN!tr
BitDefenderTheta	Gen:NN.ZemsilF.34806.em0@aS7Ys6l
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/Agent.DWN?

MSIL/Agent.DWN removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X