Malware

How to remove “MSIL/Agent.OKE”?

Malware Removal

The MSIL/Agent.OKE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Agent.OKE virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to determine MSIL/Agent.OKE?



File Info:

name: ABE2CEEEE33616419DC4.mlw
path: /opt/CAPEv2/storage/binaries/22ce9127d56d99f6a0ecc83e80eded8ac7351c02eb575babad0954225b8e792b
crc32: D80BE3D9
md5: abe2ceeee33616419dc4261e5dee1af1
sha1: d1a8703de624f2abbd86f1ee7df5a232fb5fea0f
sha256: 22ce9127d56d99f6a0ecc83e80eded8ac7351c02eb575babad0954225b8e792b
sha512: 107647286b981f01e6a13b78e72e46fa9e99c816fb23b5b08e7080bb439d634e7e3507c27b2cb6aba49e4e2a9d8257c143657a41f42d8ef999588bb5a3f226b2
ssdeep: 384:XgocptGAMIniprHAGoGkGCKR2sBLf45xQfr68qZUN7r:pNCihHABGkBKh1j7r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T152C2091623ED8333CE690B765923675106B5EE828A23EF2F1D84716E5EB73008F537A5
sha3_384: f78daffbec021fe605acc00600eae8f29da2ee969761be0bcd4460b6d70dc1e9e6a6fb877b4f72643fc298253f2ee149
ep_bytes: ff250020400000000000000000000000
timestamp: 2008-12-12 19:49:46


Version Info:

Translation: 0x0000 0x04b0
FileDescription: test2
FileVersion: 1.0.0.0
InternalName: test2.exe
LegalCopyright: Copyright ©  2008
OriginalFilename: test2.exe
ProductName: test2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.OKE also known as:

LionicTrojan.Win32.Generic.lYeJ
DrWebTrojan.DownLoader7.13729
CynetMalicious (score: 99)
FireEyeGeneric.mg.abe2ceeee3361641
McAfeeArtemis!ABE2CEEEE336
CylanceUnsafe
ZillyaTrojan.Agent.Win32.2567585
SangforTrojan.Win32.Generic.frgT
AlibabaTrojanDropper:Win32/KeyLogger.451dd7af
Cybereasonmalicious.de624f
BitDefenderThetaGen:NN.ZemsilF.34294.bq0@aOWYfMh
SymantecTrojan.Gen.2
ESET-NOD32MSIL/Agent.OKE
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan-Dropper.Win32.Sysn.sqz
BitDefenderAdware.GenericKD.38092078
NANO-AntivirusTrojan.Win32.MlwGen.cxwkwe
MicroWorld-eScanAdware.GenericKD.38092078
AvastMSIL:KeyLogger-DZ [PUP]
TencentMsil.Trojan.Agent.Lqyk
Ad-AwareAdware.GenericKD.38092078
EmsisoftAdware.GenericKD.38092078 (B)
ComodoMalware@#6hfof12e8776
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R03BC0GKP21
McAfee-GW-EditionArtemis!Trojan
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
GDataAdware.GenericKD.38092078
JiangminTrojanDropper.Sysn.gjz
Webrootw32.malware.gen
AviraTR/ATRAPS.Gen
MAXmalware (ai score=61)
Antiy-AVLTrojan/Generic.ASMalwS.114916
KingsoftWin32.Troj.Generic_a.a.(kcloud)
ViRobotTrojan.Win32.Z.Agent.27136.BGQ
MicrosoftBackdoor:Win32/Bladabindi!ml
VBA32Trojan.MSIL.Agent
ALYacAdware.GenericKD.38092078
TrendMicro-HouseCallTROJ_GEN.R03BC0GKP21
IkarusTrojan.Msil
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/TrojanBinder.AQ!tr
AVGMSIL:KeyLogger-DZ [PUP]
PandaGeneric Malware
CrowdStrikewin/malicious_confidence_90% (W)

How to remove MSIL/Agent.OKE?

MSIL/Agent.OKE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment