Categories: Spy

MSIL/Autorun.Spy.Agent.AU information

The MSIL/Autorun.Spy.Agent.AU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Autorun.Spy.Agent.AU virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Starts servers listening on 127.0.0.1:0
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Executed a process and injected code into it, probably while unpacking
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Exhibits behavior characteristics of HawkEye keylogger.
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

z.whorecord.xyz
a.tomx.xyz
whatismyipaddress.com

How to determine MSIL/Autorun.Spy.Agent.AU?



File Info:

crc32: 28157C15md5: c8592ab0e8c0714fcee6762dfda12da2name: order05102020.exesha1: e2c55b05591cd9f85362b29092896536a94c9e8asha256: 4e637d411a2b8e4c1195d87a4e0b28cf3c8519cbd1e64c1b4b8cc05f6aa31d9esha512: 9e199837e60b77f1c0a5712ee2608411a42ef6488550f093b05c3339160028fa2b9ff09511f8734432bfcec10c64b0a08feb8112c10c6eb3362cf475c8d1aa91ssdeep: 12288:XcAt9L2fndhBK2w3p3z+iqiBZdMuWD9gP284QjVghIJnYnh0nJLPHWWrXP9hTtFk:dHqhBFgBg6+WghsJLPWWr/3Qtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

MSIL/Autorun.Spy.Agent.AU also known as:

Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34686989
CAT-QuickHeal Trojan.Kryptik
McAfee RDN/HawkEye
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.34686989
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_90% (W)
TrendMicro Trojan.Win32.WACATAC.THJOFBO
Cyren W32/Delf.XPBQ-5553
Symantec W32.Golroted
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Win.Malware.Generic-9774305-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
Alibaba Trojan:Win32/Lokibot.22bfe958
NANO-Antivirus Trojan.Win32.Kryptik.hypjpc
Rising Trojan.Generic@ML.93 (RDMK:FDqq3O0oIoZ8Dqa62UtUKg)
Ad-Aware Trojan.GenericKD.34686989
Sophos Mal/Generic-S
Comodo Malware@#r7s85vcwa94n
F-Secure Worm.WORM/Autorun.ekggy
DrWeb BackDoor.SpyBotNET.25
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Fareit.dc
FireEye Generic.mg.c8592ab0e8c0714f
Emsisoft Trojan.GenericKD.34686989 (B)
Ikarus Trojan.Win32.Injector
Jiangmin Trojan.Kryptik.ckg
Webroot W32.Trojan.Gen
Avira WORM/Autorun.ekggy
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/Lokibot.AR!MTB
Arcabit Trojan.Generic.D211480D
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.34686989
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2095
BitDefenderTheta Gen:NN.ZelphiF.34566.8GW@aKh@KLdi
ALYac Trojan.Agent.HawkEye
MAX malware (ai score=100)
VBA32 BScope.Trojan.Kryptik
Malwarebytes Trojan.MalPack.DLF
Panda Trj/Genetic.gen
Zoner Trojan.Win32.95456
ESET-NOD32 MSIL/Autorun.Spy.Agent.AU
TrendMicro-HouseCall Trojan.Win32.WACATAC.THJOFBO
Tencent Win32.Trojan.Kryptik.Syht
Yandex Trojan.Slntscn24.bUzRqi
SentinelOne DFI – Malicious PE
Fortinet W32/GenKryptik.ETOJ!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.5591cd
Paloalto generic.ml
Qihoo-360 Generic/HEUR/QVM05.1.631F.Malware.Gen

How to remove MSIL/Autorun.Spy.Agent.AU?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyzMSIL/Autorun.Spy.Agent.AUwhatismyipaddress.comz.whorecord.xyz
4 years ago

Recent Posts

MSIL/GenKryptik.GXIZ information

The MSIL/GenKryptik.GXIZ is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago

Malware.AI.2789448175 (file analysis)

The Malware.AI.2789448175 is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago

Jalapeno.1878 removal instruction

The Jalapeno.1878 is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago

What is “Trojan.Heur3.LPT.YmKfaKBcBekib”?

The Trojan.Heur3.LPT.YmKfaKBcBekib is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago

How to remove “Worm.Win32.Vobfus.exmt”?

The Worm.Win32.Vobfus.exmt is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago

About “TrojanDownloader:Win32/Beebone.JO” infection

The TrojanDownloader:Win32/Beebone.JO is considered dangerous by lots of security experts. When this infection is active,…

3 weeks ago