MSIL/TrojanDownloader.Agent.JWX removal guide

MSIL/TrojanDownloader.Agent.JWX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent.JWX virus do?

  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDownloader.Agent.JWX?


File Info:

name: ED1B188894ABCC69B141.mlw
path: /opt/CAPEv2/storage/binaries/b639555bf101f6461b0156f0d93b786d8b120e56810f56b0d98b5593233f1377
crc32: 7FB65923
md5: ed1b188894abcc69b141b5abdaad1c8b
sha1: e4e14b7c455e742a2583e77554966f95ba79bfe9
sha256: b639555bf101f6461b0156f0d93b786d8b120e56810f56b0d98b5593233f1377
sha512: 0f53f3d443ecc78ee7d64c62ca500c0b00e30dc970436bdc823df568524c4b55325f6830087acdaabc6dde7230868893f760c4b5ffa9105df87be960ff293460
ssdeep: 1536:oNLNBxYbl9NfxOMHJ0cYeWQzPhOvVihneW9+zBERo7/:avxYbvNfxb0wz5OdRS6BERoz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18083BD3B6AA0C4D9C755D5B0E08BF32023B7AED29B41851F33653BDE28663858EED491
sha3_384: 42f1e93a3a77caaac744831a73632ddfd8cc5692b1baeac1094afd2a4aaa4c6d459738d01701d4d89894e4c5012890bd
ep_bytes: ff250020400000000000000000000000
timestamp: 2053-02-15 21:37:41

Version Info:

Translation: 0x0000 0x04b0
Comments: Google Chrome
CompanyName: Google LLC
FileDescription: Google Chrome
FileVersion: 96.0.4664.110
InternalName: OnlyFun.exe
LegalCopyright: Copyright 2021 Google LLC. All rights reserved.
LegalTrademarks:
OriginalFilename: OnlyFun.exe
ProductName: Google Chrome
ProductVersion: 96.0.4664.110
Assembly Version: 96.0.4664.110

MSIL/TrojanDownloader.Agent.JWX also known as:

Elastic: malicious (high confidence)
Cylance: Unsafe
K7AntiVirus: Trojan-Downloader ( 0058c63c1 )
K7GW: Trojan-Downloader ( 0058c63c1 )
BitDefenderTheta: Gen:NN.ZemsilF.34114.fm1@a8@hoih
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.JWX
APEX: Malicious
Kaspersky: UDS:Trojan-Downloader.MSIL.PsDownload.gen
BitDefender: Trojan.GenericKD.38434575
Avast: Win32:DropperX-gen [Drp]
Rising: Trojan.FakeChrome!1.9C7B (CLASSIC)
Ikarus: Trojan-Downloader.MSIL.Agent
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4892552
McAfee: Artemis!ED1B188894AB
TrendMicro-HouseCall: TROJ_GEN.R002H0DA322
Tencent: Msil.Trojan-downloader.Agent.Akox
SentinelOne: Static AI – Malicious PE
eGambit: PE.Heur.InvalidSig
Fortinet: MSIL/Agent.JWX!tr.dldr
AVG: Win32:DropperX-gen [Drp]
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.JWX?

MSIL/TrojanDownloader.Agent.JWX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
