MSIL/Spy.AgentTesla.I removal instructions

MSIL/Spy.AgentTesla.I is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Spy.AgentTesla.I virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/Spy.AgentTesla.I?

File Info:

name: 09B0FF1242FE63CB0FD7.mlw
path: /opt/CAPEv2/storage/binaries/b8568ef8c461f57be0df8d02e0488a5dbd9d2a7557c8d657e3978f138cbb7cdf
crc32: C7199C35
md5: 09b0ff1242fe63cb0fd7b07c90e69362
sha1: f022f88791a64ee203db2f9c3c59baeb1353bb66
sha256: b8568ef8c461f57be0df8d02e0488a5dbd9d2a7557c8d657e3978f138cbb7cdf
sha512: 2204a7d336f02cc21a7e81e1b02eaf499ef68d5ae4f6915943578aeb3adbccd9801014a28f28fad92fa70651c8baeb66206023ebe03ad04c9d70f9e5802a9d00
ssdeep: 24576:ZqMSN1FCQa9kiMietnN3/vAzfJooWa4xCyQg+nJ8V869/t5:Zq3N1FCQa9kiMienvIzT4x0g+Ett
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B045193C19BC1227D175D2A5DBD48023F764A4AB3025EE6988C243D94B6FB436D87E2F
sha3_384: 4c968b17324dccc234ee84fe72e7517895c6813e2c8938e5c5d7fb814a23f198d8d911b09f5b2d89c1699d32417576b4
ep_bytes: ff250020400000000000000000000000
timestamp: 2090-06-06 12:58:41

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Microsoft Corporation
FileDescription: Nakliye
FileVersion: 1.0.0.0
InternalName: ICgY.exe
LegalCopyright: Copyright © 2024
LegalTrademarks:
OriginalFilename: ICgY.exe
ProductName: Nakliye
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Spy.AgentTesla.I also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Agensla.i!c
MicroWorld-eScan: Trojan.GenericKD.71992116
FireEye: Trojan.GenericKD.71992116
CAT-QuickHeal: Trojanpws.Msil
ALYac: Trojan.GenericKD.71992116
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
Alibaba: Trojan:MSIL/GenSteal.c208498a
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: Scr.Malcode!gdn34
Elastic: malicious (high confidence)
ESET-NOD32: MSIL/Spy.AgentTesla.I
BitDefender: Trojan.GenericKD.71992116
NANO-Antivirus: Trojan.Win32.PackedNET.kkpyye
DrWeb: Trojan.PackedNET.2511
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Avira: TR/AD.GenSteal.qhsuu
Antiy-AVL: GrayWare/MSIL.Kryptik.enu
Kingsoft: Win32.PSWTroj.Undef.a
Arcabit: Trojan.Generic.D44A8334
AhnLab-V3: Trojan/Win.RATX-gen.C5601727
MAX: malware (ai score=83)
DeepInstinct: MALICIOUS
Malwarebytes: Trojan.Agent.MSIL
Tencent: Msil.Trojan-QQPass.QQRob.Gplw
Ikarus: Trojan-Spy.MSIL.AgentTesla
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/GenKryptik.GUHV!tr
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan[stealer]:MSIL/Agensla.gen

How to remove MSIL/Spy.AgentTesla.I?

MSIL/Spy.AgentTesla.I removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
