What is “MSIL/Tiny.GW”?

The MSIL/Tiny.GW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Tiny.GW virus can do?

Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/Tiny.GW?


File Info:
name: 2A37641C6DB058538B2A.mlw
path: /opt/CAPEv2/storage/binaries/7ac094c4341d25cba49f586ab567ee31a0aaba1777dcb7f8a3c603c36b688f51
crc32: 49F1DF1C
md5: 2a37641c6db058538b2a5eaf218f296b
sha1: 2178a0922b479bf9059588b12c18f2c8814fedd6
sha256: 7ac094c4341d25cba49f586ab567ee31a0aaba1777dcb7f8a3c603c36b688f51
sha512: cc41c162b5c2ebdfb752e9dd79ad2871e74eb92ede15ed9ab97d83d6973a9b0efc3958f9dd6125e0cf5b2b1da45823ce939447d093b5a0e364369fec85a55e1a
ssdeep: 96:W+b7rbc0NGlXWzBckKg5tpgVFhQLfIrUYFEbig3N3vQzNt:WSH/ElKBcrOtpgeLfqGbigly
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5F1190A77E4CBA5C9BE0B7828B307105971E6824A23DB9F1CC9129C6D377508A5ABF5
sha3_384: 15654f722cdf803e2a683ac0c75609ccbbe78a18d5aaf52fa33bc1dfd4feb36f5ecf08f083d39352fdd657414e7f5c08
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-02-05 12:27:53

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: 0.exe
LegalCopyright:  
OriginalFilename: 0.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Tiny.GW also known as:

Lionic	Trojan.MSIL.Agent.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.48273076
FireEye	Generic.mg.2a37641c6db05853
McAfee	Artemis!2A37641C6DB0
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0058c2931 )
Alibaba	Trojan:MSIL/MalwareX.68bd8c42
K7GW	Trojan ( 0058c2931 )
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34212.am0@a8KLK2e
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Tiny.GW
TrendMicro-HouseCall	TROJ_GEN.R002H0AB522
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	Trojan.GenericKD.48273076
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan.Agent.Hqvn
Ad-Aware	Trojan.GenericKD.48273076
Emsisoft	Trojan.GenericKD.48273076 (B)
McAfee-GW-Edition	BehavesLike.Win32.Trojan.zt
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Tiny
GData	Trojan.GenericKD.48273076
Avira	HEUR/AGEN.1235048
Antiy-AVL	Trojan/Generic.ASMalwS.3522428
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.MalwareX-gen.C4893607
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.48273076
MAX	malware (ai score=81)
APEX	Malicious
Rising	Trojan.Generic/MSIL@AI.96 (RDM.MSIL:vfkVM0bExvNA6g47teC2Nw)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_96%
Fortinet	MSIL/Tiny.GW!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.22b479
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/Tiny.GW?

MSIL/Tiny.GW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X