Should I remove “MSIL/Spy.Agent.CEI”?

The MSIL/Spy.Agent.CEI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Agent.CEI virus can do?

The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs

How to determine MSIL/Spy.Agent.CEI?


File Info:
crc32: 45FCD67C
md5: 923169d8b4d1c4f24751b9726d93c1a9
name: sh1xvhsgzid.exe
sha1: c4e191e109f730333f2169d2264f5077ad4daf4a
sha256: 399cc1d48e37c4a6487a92fe29e8bc4e110b45ebe63010a2e84c9ecfe24f2952
sha512: b72d67172ee844eb2731d3ff3845e6c70d349c733fda4e849c85a1103239d4db654234ec5519430050da3a16c002b0e23cd04c1d7af540f1e17612e25c711c41
ssdeep: 6144:KD613UZXpsa4JmKkK+ehMya79w3kmh3eogdv:o6mJG+ehl31NA
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: WerMgr
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 10.0.17134.1
FileDescription: Windows Problem Reporting
OriginalFilename: WerMgr
Translation: 0x0409 0x04b0

MSIL/Spy.Agent.CEI also known as:

MicroWorld-eScan	Gen:Variant.Razy.506926
FireEye	Generic.mg.923169d8b4d1c4f2
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
McAfee	GenericRXIA-PF!923169D8B4D1
Cylance	Unsafe
K7AntiVirus	Spyware ( 005489ea1 )
BitDefender	Gen:Variant.Razy.506926
K7GW	Spyware ( 005489ea1 )
Cybereason	malicious.8b4d1c
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZemsilF.32251.mq0@aG0RDTpi
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.CEI
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
GData	Gen:Variant.Razy.506926
Kaspersky	HEUR:Trojan-PSW.MSIL.Cordis.gen
Endgame	malicious (high confidence)
Emsisoft	Gen:Variant.Razy.506926 (B)
F-Secure	Trojan.TR/Dropper.Gen
McAfee-GW-Edition	GenericRXIA-PF!923169D8B4D1
Ikarus	Trojan.MSIL.Spy
Avira	TR/Dropper.Gen
MAX	malware (ai score=82)
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Razy.D7BC2E
SUPERAntiSpyware	Trojan.Agent/Gen-PasswordStealer
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Cordis.gen
AhnLab-V3	Trojan/Win32.Agent.C2926564
Acronis	suspicious
ALYac	Gen:Variant.Razy.506926
Ad-Aware	Gen:Variant.Razy.506926
Malwarebytes	Spyware.PasswordStealer
SentinelOne	DFI – Malicious PE
Fortinet	MSIL/Agent.RCD!tr.pws
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_90% (D)

How to remove MSIL/Spy.Agent.CEI?

MSIL/Spy.Agent.CEI removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X