MSIL/Agent.SON removal tips

MSIL/Agent.SON is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/Agent.SON virus do?

  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Detects Sunbelt Sandbox through the presence of a file
  • Checks the version of the BIOS, possibly for anti-virtualization
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a file
  • Detects VirtualBox through the presence of a registry key
  • Detects VMware through the presence of a file
  • Detects VMware through the presence of a registry key

How to identify MSIL/Agent.SON?


File Info:

name: ABC21561D9852D75D8B3.mlw
path: /opt/CAPEv2/storage/binaries/5312772bb9832f47229bd3dd262bf6412780cfe907e5a8a96772c8cfcf685951
crc32: 97B1A88A
md5: abc21561d9852d75d8b317e99936fcec
sha1: d286d3767e34085c1b2df760e1d44d6cff85b8cf
sha256: 5312772bb9832f47229bd3dd262bf6412780cfe907e5a8a96772c8cfcf685951
sha512: ea15911d193858da297c3ee640ced12e4085481b1147b338b4f85b4ff0b868eb9c422621567493daeb7e7130fc4294a787ada8af1a13a66146f13e254c2abc54
ssdeep: 3072:37zLK6xYiC/8bq6zT9qr30g/nX7AtaKWXSwfSV2g5:37/K6OBUbqqTo7BX7+UCYSV2g5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5E38D3C3BC89D11C16CA67E84D7920013B4DC756A52F36BBD88B2A95953FE58A02F4F
sha3_384: 40205eb5a6ca0c42430348501206ccdaa20feb66444f4565ade6859ca1891b689e9544d8f2dc883cfd7cf202b5958114
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-06-10 21:21:47

Version Info:

0: [No Data]

MSIL/Agent.SON also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.37139626
ALYac: Trojan.GenericKD.37139626
Cylance: Unsafe
VIPRE: Trojan.GenericKD.37139626
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005336781 )
Alibaba: Trojan:MSIL/Generic.fea309f5
K7GW: Trojan ( 005336781 )
Cybereason: malicious.67e340
Cyren: W32/MSIL_Troj.NF.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Agent.SON
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKD.37139626
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Generic.Twhl
Ad-Aware: Trojan.GenericKD.37139626
Emsisoft: Trojan.GenericKD.37139626 (B)
Zillya: Trojan.Agent.Win32.2247703
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.abc21561d9852d75
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.37139626
Jiangmin: Trojan.Generic.cfuzp
Google: Detected
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Generic.D236B4AA
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4533558
McAfee: GenericRXDY-DM!ABC21561D985
Malwarebytes: Trojan.Crypt.MSIL.Generic
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:ZfYUyU98VmfFxyJzMq344w)
Yandex: Trojan.Agent!C3BCFlMxToo
Ikarus: Trojan.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.SKA!tr
BitDefenderTheta: Gen:NN.ZemsilF.34754.jmW@aWiGyYo
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A

How to remove MSIL/Agent.SON?

MSIL/Agent.SON removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
