MSIL/TrojanDownloader.Agent.KIR removal instruction

The MSIL/TrojanDownloader.Agent.KIR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.KIR virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Agent.KIR?


File Info:
name: 3751695BBFDF75401A65.mlw
path: /opt/CAPEv2/storage/binaries/73a3d0f138f70e865da8b63e721c2d98e22cb8b30ca6c581bf58401018a099c6
crc32: B61E2652
md5: 3751695bbfdf75401a6589e04807efd8
sha1: 27e0b466ecd9f59c7d1f02de9e0654c987c7bf08
sha256: 73a3d0f138f70e865da8b63e721c2d98e22cb8b30ca6c581bf58401018a099c6
sha512: caa01b40e6de8a254719632ccc7fad64856e5fb9ab7a0c613696b48fe3b853de1b96e7e21497ad7f5843ff283a4308bfa99a5369815baf1060734e4cbfc463d4
ssdeep: 1536:/F/U1CU48NWZhMSBz16JbEHztZvNKOSjn/DpXDObzeCBD3eJlj9vHk:/JU1CU48NWZhMc16JbETteOSUJ0rs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T137140346B385A9CDF0513F3194E23F6A13BA1D60204C6E479E32B6C67E752C274AF8E5
sha3_384: 106d5fe232bab421be299f6ac5e3d26994dbc7ac93be629debcf20b72f680be7ac3cbe02509e1bf1932f879712b83a21
ep_bytes: ff250020400000000000000000000000
timestamp: 2103-09-25 12:08:09

Version Info:
Translation: 0x0000 0x04b0
Comments: Malwarebytes Service
CompanyName: Malwarebytes
FileDescription: Malwarebytes Service
FileVersion: 3.2.0.1015
InternalName: 8013640.exe
LegalCopyright: (C) Malwarebytes. All rights reserved.
LegalTrademarks: 
OriginalFilename: 8013640.exe
ProductName: Malwarebytes Service
ProductVersion: 3.2.0.1015
Assembly Version: 3.2.0.1015

MSIL/TrojanDownloader.Agent.KIR also known as:

Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.48293717
FireEye	Generic.mg.3751695bbfdf7540
ALYac	Trojan.GenericKD.48293717
Cylance	Unsafe
Sangfor	Worm.MSIL.LovGate.gen
K7AntiVirus	Trojan-Downloader ( 0058e1721 )
K7GW	Trojan-Downloader ( 0058e1721 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilCO.34212.mm0@aS0oVt
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.KIR
TrendMicro-HouseCall	TROJ_GEN.R002H0CB822
Paloalto	generic.ml
Kaspersky	HEUR:Email-Worm.MSIL.LovGate.gen
BitDefender	Trojan.GenericKD.48293717
APEX	Malicious
Tencent	Msil.Trojan-downloader.Agent.Ljkb
Ad-Aware	Trojan.GenericKD.48293717
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.48293717 (B)
Ikarus	Trojan-Downloader.MSIL.Agent
GData	Win32.Trojan.Agent.GV8PDN
Avira	HEUR/AGEN.1232073
MAX	malware (ai score=82)
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Tiggre!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4961838
McAfee	Artemis!3751695BBFDF
Malwarebytes	Trojan.MCrypt.MSIL.Generic
Avast	Win32:DropperX-gen [Drp]
Rising	Trojan.Generic/MSIL@AI.90 (RDM.MSIL:IqH1U407U3nJu6EgdDRcLA)
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Agent.KIR!tr.dldr
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.KIR?

MSIL/TrojanDownloader.Agent.KIR removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X