Should I remove “MSIL/Spy.Agent.DPM”?

The MSIL/Spy.Agent.DPM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Agent.DPM virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Spy.Agent.DPM?


File Info:
name: 533B95716D2DD5119068.mlw
path: /opt/CAPEv2/storage/binaries/3c71db50b9de1b3a7032eb8da20be2403bb0fe1984b4d4eabf8be2c056e912fe
crc32: FA385BB1
md5: 533b95716d2dd5119068ca5ff850484e
sha1: 59d6ed6a1f88b8179bb648cc9ada4b4885eb7236
sha256: 3c71db50b9de1b3a7032eb8da20be2403bb0fe1984b4d4eabf8be2c056e912fe
sha512: cb3bfcad31dab99805c66c304fac3c08278855efe0cb9464c74574af6eb95726b5b19687587938a2c655732b856703945f14406e3377efcead97492db119f971
ssdeep: 96:KIx6qHc9lXjeBJhyMNa/lHk5PtAAkVczNt:KIx/H4iJF75PKM
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F5C1C51163F88735E9B69B7AAC7343004679B7514C73C76E38CC615BAD13B248B22B71
sha3_384: 5ada18bdcf9e2930e1de131087543f01fe229e6feb49721033f45a4d9836f8e5c13850a4f0ddb8b90793bc23c01fddde
ep_bytes: ff250020400000000000000000000000
timestamp: 2078-02-12 12:11:10

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Amongus
FileVersion: 1.0.0.0
InternalName: Amongus.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Amongus.exe
ProductName: Amongus
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Spy.Agent.DPM also known as:

MicroWorld-eScan	IL:Trojan.MSILZilla.6004
FireEye	IL:Trojan.MSILZilla.6004
CAT-QuickHeal	Trojan.Win32
ALYac	IL:Trojan.MSILZilla.6004
Malwarebytes	RiskWare.Agent
Zillya	Trojan.Agent.Win32.2534386
K7AntiVirus	Spyware ( 0058a1c71 )
Alibaba	Trojan:MSIL/MSILZilla.063ddfe7
K7GW	Spyware ( 0058a1c71 )
Cybereason	malicious.16d2dd
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.DPM
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	IL:Trojan.MSILZilla.6004
Avast	Win32:TrojanX-gen [Trj]
Tencent	Msil.Trojan.Agent.Stap
Ad-Aware	IL:Trojan.MSILZilla.6004
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.UMal.degzz@0
DrWeb	Trojan.SpyBot.1125
TrendMicro	TROJ_GEN.R049C0GKK21
Emsisoft	Trojan-Spy.Agent (A)
SentinelOne	Static AI – Suspicious PE
GData	IL:Trojan.MSILZilla.6004
Webroot	W32.Trojan.Gen
Avira	TR/Spy.Agent.hopow
Antiy-AVL	Trojan/Generic.ASMalwS.34D2D80
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Agent.ns
ViRobot	Trojan.Win32.Z.Agent.6144.CHI
Microsoft	Trojan:Win32/Mamson.A!ac
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4750376
McAfee	RDN/Generic PWS.y
MAX	malware (ai score=87)
VBA32	TScope.Trojan.MSIL
TrendMicro-HouseCall	TROJ_GEN.R049C0GKK21
Yandex	Trojan.Agent!64VpVdkiCHY
Ikarus	Trojan.IL.MSILZilla
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DPM!tr.spy
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/Spy.Agent.DPM?

MSIL/Spy.Agent.DPM removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X