How to remove “MSIL/TrojanDownloader.Agent.GUU”?

The MSIL/TrojanDownloader.Agent.GUU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.GUU virus can do?

Presents an Authenticode digital signature
The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine MSIL/TrojanDownloader.Agent.GUU?


File Info:
crc32: E795083F
md5: f37cb24f77d71e5bae6018615ae6f789
name: vsl.exe
sha1: 6e57ea1e47ffa5c0d51455be771602e35479f5d5
sha256: 58e919965df896c5650448556e2a6d96ecc92a8f2af4dbdf81f4a86c2df5a091
sha512: 1947086004669e9892227440df4e990cad1ccdd8cad5411db9b688c7d6cc7a005e484826b5d69c8b51996c31c11eee879b1c9a02a2b98a74175e24e80abe1911
ssdeep: 768:PobdgTVTlBCdSHP+r1DPyvLgKAQIIIIHRFFgF5F8Uf2hQ:QxgJTlfE1DPyjg8FFgF5F8Ufl
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
LegalCopyright: xa9 x5c41x416x5c41. All rights reserved.
Assembly Version: 7.0.2.7
FileVersion: 8.0.7.4
CompanyName: x416x5c41x416
LegalTrademarks: x5c41x5c41x42e
Comments: x7ef4x415x827e x428x5c41x6bd4
ProductName: x416x416x42d x5c41x513fx5c41
ProductVersion: 7.0.2.7
FileDescription: x42ex513fx42e x5c41x513fx513f
OriginalFilename: x416x416x42d x5c41x513fx5c41.exe
Translation: 0x0409 0x0514

MSIL/TrojanDownloader.Agent.GUU also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen10.31872
MicroWorld-eScan	Trojan.GenericKD.43948707
FireEye	Generic.mg.f37cb24f77d71e5b
CAT-QuickHeal	Trojanpws.Msil
Qihoo-360	Win32/Trojan.c96
ALYac	Trojan.GenericKD.43948707
Cylance	Unsafe
Sangfor	Malware
BitDefender	Trojan.GenericKD.43948707
K7GW	Trojan-Downloader ( 005701ce1 )
K7AntiVirus	Trojan-Downloader ( 005701ce1 )
TrendMicro	TrojanSpy.MSIL.NEGASTEAL.THJOEBO
Cyren	W32/MSIL_Agent.BPW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.GUU
TrendMicro-HouseCall	TrojanSpy.MSIL.NEGASTEAL.THJOEBO
Avast	Win32:DangerousSig [Trj]
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba	TrojanPSW:MSIL/Ymacco.65c25593
NANO-Antivirus	Trojan.Win32.Agensla.hyjwxe
ViRobot	Trojan.Win32.Z.Agent.56688
AegisLab	Trojan.MSIL.Agensla.i!c
Ad-Aware	Trojan.GenericKD.43948707
Emsisoft	Trojan.GenericKD.43948707 (B)
Comodo	Malware@#53zsb0t6fkhy
F-Secure	Trojan.TR/Dldr.Agent.sszod
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-S
McAfee-GW-Edition	RDN/AgentTesla
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.MSIL.Agent
Avira	TR/Dldr.Agent.sszod
Microsoft	Trojan:Win32/Ymacco.AA58
Arcabit	Trojan.Generic.D29E9AA3
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
GData	Trojan.GenericKD.43948707
McAfee	RDN/AgentTesla
MAX	malware (ai score=86)
Malwarebytes	Trojan.Downloader
Panda	Trj/GdSda.A
Yandex	Trojan.DL.Agent!whzjjbheICk
Fortinet	MSIL/Agent.GUU!tr.dldr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml

How to remove MSIL/TrojanDownloader.Agent.GUU?

MSIL/TrojanDownloader.Agent.GUU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X