MSIL/Spy.Agent.DWX removal instruction

The MSIL/Spy.Agent.DWX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Agent.DWX virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Spy.Agent.DWX?


File Info:
name: DEEFBC19F37E56D9B92F.mlw
path: /opt/CAPEv2/storage/binaries/a4d0769c9714ce7fe52ec0a463ecc307b1e4e3aa09a1edc42fc544afb64cc63d
crc32: C5AD2979
md5: deefbc19f37e56d9b92fb05ac113453d
sha1: 55e424e6960a6b0bfcff5b7db301eb40e6c750ac
sha256: a4d0769c9714ce7fe52ec0a463ecc307b1e4e3aa09a1edc42fc544afb64cc63d
sha512: 0fbc87a75bec203e3a2136bf3d4e4261ad59c4b666a8ec388d16a0b547a554300d3244fb134ef220e324643293c6f5b467c2c8ac613e447f4049714cfffd66ba
ssdeep: 24576:H7blUijlUEk1SBJzdHolLDpRj2mmYqmj1o/Ie2fY1P8DAi3MvORa7ocW:bxUij6SB/uFYmmY1ZoJr6Arto
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D75AD027645CA06D0A91BB7C4EFD31847A8AD832A66D71A3E9F33AC15113E75D8E1CF
sha3_384: 45a8e1fc79871f0ee347040c1df235f31dd32c3cb5bf7b97046e0b2396cf25691dfd0725127816d4d015643cebe286c7
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-03-30 17:07:30

Version Info:
ProductName: dhZlvdv
CompanyName: 3Lk3yZbDgF
InternalName: UGdakW3vKF3AB.exe
LegalCopyright: cYHDj94
Comments: TaQBzew6ZBT8AFAEkW3msN9Kj
OriginalFilename: zBjA8FytbBUhdqVNj2kDL.exe
ProductVersion: 673.400.379.344
FileVersion: 972.856.747.468
Translation: 0x0409 0x0514

MSIL/Spy.Agent.DWX also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
FireEye	Generic.mg.deefbc19f37e56d9
CAT-QuickHeal	Backdoor.MsilFC.S28494217
Skyhigh	BehavesLike.Win32.AgentTesla.tc
McAfee	Trojan-FUJL!DEEFBC19F37E
Cylance	unsafe
Zillya	Trojan.Agent.Win32.2842021
Sangfor	Suspicious.Win32.Save.a
Alibaba	Backdoor:MSIL/AgentTesla.a127a927
K7GW	Spyware ( 0058ff0e1 )
K7AntiVirus	Spyware ( 0058ff0e1 )
BitDefenderTheta	Gen:NN.ZemsilF.36802.Hr0@aK9LQRfi
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.DWX
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	Gen:Variant.Ransom.Prometheus.1
NANO-Antivirus	Trojan.Win32.DCRat.jqeies
MicroWorld-eScan	Gen:Variant.Ransom.Prometheus.1
Tencent	Backdoor.MSIL.Stealer.11025419
Emsisoft	Gen:Variant.Ransom.Prometheus.1 (B)
F-Secure	Heuristic.HEUR/AGEN.1323984
DrWeb	BackDoor.DarkCrystal.73
VIPRE	Gen:Variant.Ransom.Prometheus.1
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Google	Detected
Avira	HEUR/AGEN.1323984
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Spy]/MSIL.Agent
Kingsoft	malware.kb.c.992
Microsoft	Trojan:MSIL/AgentTesla.NUH!MTB
Arcabit	Trojan.Ransom.Prometheus.1
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
GData	Gen:Variant.Ransom.Prometheus.1
Varist	W32/MSIL_Agent.LQ.gen!Eldorado
AhnLab-V3	Trojan/Win.MSILZilla.C4982861
Acronis	suspicious
ALYac	Gen:Variant.Ransom.Prometheus.1
Malwarebytes	Generic.Spyware.Stealer.DDS
Panda	Trj/GdSda.A
Rising	Backdoor.DcRat!8.129D9 (CLOUD)
Yandex	TrojanSpy.Agent!3JgYt+7br7k
Ikarus	Trojan.MSIL.Spy
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DTR!tr.spy
AVG	Win32:RATX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove MSIL/Spy.Agent.DWX?

MSIL/Spy.Agent.DWX removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X