MSIL/TrojanDownloader.Agent.JTN removal tips

The MSIL/TrojanDownloader.Agent.JTN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.JTN virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Agent.JTN?


File Info:
name: AD27FCB9C6D04BAB76D9.mlw
path: /opt/CAPEv2/storage/binaries/ad56622065377d19bd9b73a867869829651525307ecfa230775c853873ea2974
crc32: AB86B645
md5: ad27fcb9c6d04bab76d96c1396b1d485
sha1: 3a60d852530a62b7bb017e5bc6552a3cb19b672e
sha256: ad56622065377d19bd9b73a867869829651525307ecfa230775c853873ea2974
sha512: 09cf681af6f1ac6e6be3b5f111c3fbe59492cb7f08535d169f84ba7e70c221aff3a929c3cf1807f55b3cac9de905f5f2752d3f33af79066b13cd833d0ee7b80e
ssdeep: 6144:7bvjneY8CUSvpxxxkxxxkxxxkxxxxkxxxkxxxAuFI:De2USvpxxxkxxxkxxxkxxxxkxxxkxxxA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13924FED6A9980256D3D718B0D94AC7720B15BD7F84404863A2FD3C3B3FED4A7E066E29
sha3_384: 318f3de386f0d71ede2b224bc17813b9c42bb899d5904b3c54646be00974b7372daeae4626876ead3999932a4d043876
ep_bytes: ff250020400000000000000000000000
timestamp: 2098-08-25 21:10:30

Version Info:
Translation: 0x0000 0x04b0
Comments: Lefty Mailer
CompanyName: Honey Bucket
FileDescription: Lefty Mailer
FileVersion: 5.0.0.0
InternalName: lefty mail.exe
LegalCopyright: Copyright © Lefty. 2021
LegalTrademarks: 
OriginalFilename: lefty mail.exe
ProductName: Lefty Mailer v5
ProductVersion: 5.0.0.0
Assembly Version: 5.0.0.0

MSIL/TrojanDownloader.Agent.JTN also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.47621987
FireEye	Generic.mg.ad27fcb9c6d04bab
McAfee	Artemis!AD27FCB9C6D0
Cylance	Unsafe
K7AntiVirus	Trojan-Downloader ( 0058ba921 )
Alibaba	Backdoor:MSIL/Crysan.a2f6e475
K7GW	Trojan-Downloader ( 0058ba921 )
Cybereason	malicious.2530a6
BitDefenderTheta	Gen:NN.ZemsilF.34084.nm0@aOLV!He
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.JTN
APEX	Malicious
Avast	FileRepMalware
Kaspersky	HEUR:Backdoor.MSIL.Crysan.gen
BitDefender	Trojan.GenericKD.47621987
Ad-Aware	Trojan.GenericKD.47621987
Emsisoft	Trojan.GenericKD.47621987 (B)
TrendMicro	TROJ_GEN.R002C0WLD21
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.47621987
Avira	TR/Dldr.Agent.qwzbi
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.MSILZilla.C4848087
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.47621987
MAX	malware (ai score=87)
Malwarebytes	Trojan.Downloader.MSIL.Generic
TrendMicro-HouseCall	TROJ_GEN.R002C0WLD21
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Agent.JTN!tr.dldr
AVG	FileRepMalware
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (W)

How to remove MSIL/TrojanDownloader.Agent.JTN?

MSIL/TrojanDownloader.Agent.JTN removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X