MSIL/Autorun.Spy.Agent.BT information

The MSIL/Autorun.Spy.Agent.BT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Autorun.Spy.Agent.BT virus can do?

• Behavioural detection: Executable code extraction – unpacking
• Sample contains Overlay data
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Reads data out of its own binary image
• CAPE extracted potentially suspicious content
• Authenticode signature is invalid
• Uses Windows utilities for basic functionality
• Uses Windows utilities for basic functionality
• Behavioural detection: Injection (Process Hollowing)
• Behavioural detection: Injection (inter-process)
• Behavioural detection: Injection with CreateRemoteThread in a remote process
• Behavioural detection: Transacted Hollowing
• CAPE detected the PredatorPain malware family
• Deletes executed files from disk
• Harvests cookies for information gathering
• Harvests information related to installed instant messenger clients
• Harvests information related to installed mail clients
• Attempts to interact with an Alternate Data Stream (ADS)
• Collects information to fingerprint the system
• Anomalous binary characteristics
• Attempts to modify Explorer settings to prevent hidden files from being displayed
• Uses suspicious command line tools or Windows utilities

How to determine MSIL/Autorun.Spy.Agent.BT?

File Info:
name: 09A8972C73B40E6DB0D8.mlw
path: /opt/CAPEv2/storage/binaries/fc5860f28656c6b116c8edf6b536c3e24db11290e4c2ca89ad5c9cae99cc1d9e
crc32: 395520F2
md5: 09a8972c73b40e6db0d8199649a21117
sha1: 2d15171e3086be00bdbe40aa3631c2b1f94aca52
sha256: fc5860f28656c6b116c8edf6b536c3e24db11290e4c2ca89ad5c9cae99cc1d9e
sha512: bc307575fd4ef5fd34c6647926649c967135850681130c0f193f33cbce4cbeadc4e03802f0661ea20d3a6aa29660feefab3c2642f4c744c1285e1ecf26864fb0
ssdeep: 24576:9bCj2sObHtqQ4Q59NLs+Yr9kmJ37w1UrDzuQwexGLjJ3:9bCjPKNqQ5Jd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C085D0C6F3EB40E6DC023FF5582967878B3446354734805AABFA3D458F234A5C52ABB6
sha3_384: 3bd10bdb63429981657448827821a60adf7d9b53dd904432818b3305cda310907d11e6b1b9aa6b91b409db7784849d1f
ep_bytes: e837c20000e979feffffcccccccccccc
timestamp: 2010-01-15 16:09:54

Version Info:
FileDescription: 
FileVersion: 3, 3, 4, 0
CompiledScript: AutoIt v3 Script: 3, 3, 4, 0
Translation: 0x0809 0x04b0

MSIL/Autorun.Spy.Agent.BT also known as:

How to remove MSIL/Autorun.Spy.Agent.BT?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.