Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/Spy
Threat report

MSIL/Spy.Agent.DTR removal guide

Published Aug 12, 2022 Spy category 2 min read
Report context

What to verify before removal

MSIL/Spy.Agent.DTR removal guide deserves a credential-safety review because this spy label can overlap with remote access, browser data theft, or persistence after reboot. Cleanup should include scanning the file, removing the persistence point, and rotating exposed passwords from a clean device.

Start by comparing the local file name with 3FD795ADC465C2C0A63D.mlw, then review the behavior notes for credential theft, browser data access, remote-control activity, and persistence after reboot. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
3FD795ADC465C2C0A63D.mlw
  • Compare the suspicious file name with 3FD795ADC465C2C0A63D.mlw.
  • Confirm the detection name matches MSIL/Spy.Agent.DTR removal guide before removing related files.
  • Review the report for credential theft, browser data access, remote-control activity, and persistence after reboot so the cleanup is based on observed behavior, not only the label.
  • After cleanup, rotate passwords from a clean device and review browser sessions or saved credentials.

The MSIL/Spy.Agent.DTR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What MSIL/Spy.Agent.DTR virus can do?

  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine MSIL/Spy.Agent.DTR?



File Info:

name: 3FD795ADC465C2C0A63D.mlw
path: /opt/CAPEv2/storage/binaries/de775495bfc5aaf3c927dbda084f2e60b6fcc7df193a9886450947f9d17a8e71
crc32: 09240244
md5: 3fd795adc465c2c0a63dd7d1f0447027
sha1: 167f20388f9c2b1677b6791ff53914d7ecbc02bc
sha256: de775495bfc5aaf3c927dbda084f2e60b6fcc7df193a9886450947f9d17a8e71
sha512: 39389234d0d1b0978a3e21e1aee567ba22b28660db4492dfea8ec99a49e4ade0d4d827e0e2297ff8153aece5c1b2eec7355b8733cf14a7b8386ccf59318b2c8c
ssdeep: 12288:dFh2tOZCR2C7eBOZ2cwx65y33vNjkB2E9JQAsMVNtTaNRstz9KLhylc5E9RT:oqBOs1uy3fZEjVX0O+ylKAR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C015331595DD7878EFBE30BC9A04DB126C381EA3BA6086845D89D7ACC43A753B20733D
sha3_384: 27341e79704d134f8e4cd2f242925fac27fda931797abec9ded8536be2714007b27f9aba0a617fa7b207f5b58743b6d6
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-12 17:44:16


Version Info:

CompanyName: 
FileDescription: 
FileVersion: 1.1.1o
InternalName: libcrypto
OriginalFilename: libcrypto
ProductName: 
ProductVersion: 1.1.1o
LegalCopyright: Copyright 1998-2022 The OpenSSL Authors. All rights reserved.
Translation: 0x0409 0x04b0

MSIL/Spy.Agent.DTR also known as:

Bkav W32.AIDetectNet.01
MicroWorld-eScan Trojan.MSIL.Basic.8.Gen
FireEye Generic.mg.3fd795adc465c2c0
ALYac Trojan.MSIL.Basic.8.Gen
Cylance Unsafe
CrowdStrike win/malicious_confidence_70% (D)
BitDefenderTheta Gen:NN.ZemsilF.34592.5m0@aWOqVGli
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.Agent.DTR
APEX Malicious
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.MSIL.Basic.8.Gen
Avast SpywareX-gen [Trj]
Rising Trojan.Generic/MSIL@AI.92 (RDM.MSIL:NzYYfI3DubKX0q29hJ7hOg)
Ad-Aware Trojan.MSIL.Basic.8.Gen
Emsisoft Trojan.MSIL.Basic.8.Gen (B)
VIPRE Trojan.MSIL.Basic.8.Gen
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Trapmine malicious.moderate.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI – Malicious PE
Google Detected
Avira TR/Dropper.Gen
MAX malware (ai score=88)
Microsoft Program:Win32/Wacapew.C!ml
GData Trojan.MSIL.Basic.8.Gen
Cynet Malicious (score: 100)
Malwarebytes MachineLearning/Anomalous.100%
Ikarus Trojan.Bladabindi
AVG SpywareX-gen [Trj]
Cybereason malicious.dc465c

How to remove MSIL/Spy.Agent.DTR?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.