MSIL/Spy.Agent.DTR removal guide

The MSIL/Spy.Agent.DTR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Agent.DTR virus can do?

.NET file is packed/obfuscated with Confuser
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Spy.Agent.DTR?


File Info:
name: 3FD795ADC465C2C0A63D.mlw
path: /opt/CAPEv2/storage/binaries/de775495bfc5aaf3c927dbda084f2e60b6fcc7df193a9886450947f9d17a8e71
crc32: 09240244
md5: 3fd795adc465c2c0a63dd7d1f0447027
sha1: 167f20388f9c2b1677b6791ff53914d7ecbc02bc
sha256: de775495bfc5aaf3c927dbda084f2e60b6fcc7df193a9886450947f9d17a8e71
sha512: 39389234d0d1b0978a3e21e1aee567ba22b28660db4492dfea8ec99a49e4ade0d4d827e0e2297ff8153aece5c1b2eec7355b8733cf14a7b8386ccf59318b2c8c
ssdeep: 12288:dFh2tOZCR2C7eBOZ2cwx65y33vNjkB2E9JQAsMVNtTaNRstz9KLhylc5E9RT:oqBOs1uy3fZEjVX0O+ylKAR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C015331595DD7878EFBE30BC9A04DB126C381EA3BA6086845D89D7ACC43A753B20733D
sha3_384: 27341e79704d134f8e4cd2f242925fac27fda931797abec9ded8536be2714007b27f9aba0a617fa7b207f5b58743b6d6
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-12 17:44:16

Version Info:
CompanyName: 
FileDescription: 
FileVersion: 1.1.1o
InternalName: libcrypto
OriginalFilename: libcrypto
ProductName: 
ProductVersion: 1.1.1o
LegalCopyright: Copyright 1998-2022 The OpenSSL Authors. All rights reserved.
Translation: 0x0409 0x04b0

MSIL/Spy.Agent.DTR also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Trojan.MSIL.Basic.8.Gen
FireEye	Generic.mg.3fd795adc465c2c0
ALYac	Trojan.MSIL.Basic.8.Gen
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)
BitDefenderTheta	Gen:NN.ZemsilF.34592.5m0@aWOqVGli
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DTR
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.MSIL.Basic.8.Gen
Avast	SpywareX-gen [Trj]
Rising	Trojan.Generic/MSIL@AI.92 (RDM.MSIL:NzYYfI3DubKX0q29hJ7hOg)
Ad-Aware	Trojan.MSIL.Basic.8.Gen
Emsisoft	Trojan.MSIL.Basic.8.Gen (B)
VIPRE	Trojan.MSIL.Basic.8.Gen
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Trapmine	malicious.moderate.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=88)
Microsoft	Program:Win32/Wacapew.C!ml
GData	Trojan.MSIL.Basic.8.Gen
Cynet	Malicious (score: 100)
Malwarebytes	MachineLearning/Anomalous.100%
Ikarus	Trojan.Bladabindi
AVG	SpywareX-gen [Trj]
Cybereason	malicious.dc465c

How to remove MSIL/Spy.Agent.DTR?

MSIL/Spy.Agent.DTR removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X