What is “MSIL/Agent.DZB”?

The MSIL/Agent.DZB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Agent.DZB virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Agent.DZB?


File Info:
name: AB2DB8A9CEBCBB5A2611.mlw
path: /opt/CAPEv2/storage/binaries/9a97e504719c37cde1f1cbbf9d71db08d9aec9f58dd805644683857d50108602
crc32: 9B3F22BE
md5: ab2db8a9cebcbb5a2611b8a185fdd434
sha1: 172960d32d0d5a46e0e78234ff0413ce654ff236
sha256: 9a97e504719c37cde1f1cbbf9d71db08d9aec9f58dd805644683857d50108602
sha512: 6159e2fc31a25efed270b07b4c84af4cc0c0fb41b60d338ef5a5a66c8d4d4795b336c4b58d80af6975c5100a4b937dfcfc953078f2ba9e7348b43994600e1eff
ssdeep: 384:yK4zAs7+KWcBAj1RLS+V7NMfEt1SAQl4AkBdvl/Y0f3Eg3Xp18pOxHghLgRfum:yK4chVcB9+VFSBhGz3txHglgYm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F9B2F70437E8C73AD5BF1F7F69B2901007B1BA534612CA0D9FA274991E323568A16FE6
sha3_384: fdfdeccb42af4b62477adc3f14dd83771e211c1f77b99b408ae4017572ce744d0a5c74d4c3a53448447de4180f8c7e39
ep_bytes: ff250020400000000000000000000000
timestamp: 2099-06-13 02:36:11

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: File Transfer
FileVersion: 1.1.1.1
InternalName: File Transfer.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: File Transfer.exe
ProductName: 
ProductVersion: 1.1.1.1
Assembly Version: 1.1.1.1

MSIL/Agent.DZB also known as:

Lionic	Trojan.MSIL.Stealer.l!c
Cynet	Malicious (score: 100)
FireEye	Trojan.GenericKD.50495596
McAfee	RDN/Generic PWS.y
Cylance	Unsafe
VIPRE	Trojan.GenericKD.50495596
Sangfor	Spyware.Msil.Agent.Vfai
K7AntiVirus	Trojan ( 00594a701 )
BitDefender	Trojan.GenericKD.50495596
K7GW	Trojan ( 00594a701 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.DZB
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba	TrojanSpy:MSIL/Stealer.1d924904
MicroWorld-eScan	Trojan.GenericKD.50495596
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.50495596
Emsisoft	Trojan.GenericKD.50495596 (B)
Zillya	Trojan.Agent.Win32.2822423
TrendMicro	TROJ_GEN.R002C0WFP22
McAfee-GW-Edition	RDN/Generic PWS.y
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.50495596
Jiangmin	TrojanSpy.MSIL.cnqo
Avira	TR/Agent.xgesg
MAX	malware (ai score=88)
Arcabit	Trojan.Generic.D302806C
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win.Generic.C5182214
ALYac	Trojan.GenericKD.50495596
Malwarebytes	Trojan.Crypt.MSIL
TrendMicro-HouseCall	TROJ_GEN.R002C0WFP22
Tencent	Msil.Trojan-spy.Stealer.Lmkr
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.73709669.susgen
Fortinet	MSIL/Agent.DZB!tr
BitDefenderTheta	Gen:NN.ZemsilCO.34786.bm0@aOFhG8n
AVG	Win32:MalwareX-gen [Trj]

How to remove MSIL/Agent.DZB?

MSIL/Agent.DZB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X