About “MSIL/TrojanDownloader.Agent.LER” infection

The MSIL/TrojanDownloader.Agent.LER is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.LER virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Agent.LER?


File Info:
name: 0EB3F9F8B9CAA656E84E.mlw
path: /opt/CAPEv2/storage/binaries/326779dcbe73d8d150e4afe223282697b93cd5f6fc2655cdd752f659487797e6
crc32: 1827FE0D
md5: 0eb3f9f8b9caa656e84e73918e9f477b
sha1: fd783503e322295de4823fefe828308a7f16ecc4
sha256: 326779dcbe73d8d150e4afe223282697b93cd5f6fc2655cdd752f659487797e6
sha512: 70044528280541f2cc612ce067946312843fd8678aa679eb18da0c02614477c658a858a6660e1eb1166ddaab48e2a6df1d5bee7e2885e4462dc5baf0fe252dbf
ssdeep: 49152:+WlTANcpoo9CIuOjgAcGyzNgZhc3vcdmtgUOgEvi4sMq8rOul+:+Sy/ojVEdzFUUmU2vixMzrOul+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T117C5E18D1A404D41ED5393FDF8F607702731963980CB970333A4AB3A9E7BADA6F645A1
sha3_384: e49decbc5c542560d2af338dcd2baa5b1d2be77075462b51344605f8438285c7e722e2a6d5b48b518c1c773a55aeef95
ep_bytes: 
timestamp: 2065-01-14 20:32:14

Version Info:
0: [No Data]

MSIL/TrojanDownloader.Agent.LER also known as:

Bkav	W32.AIDetectNet.01
Sangfor	Trojan.Win32.Sabsik.TE
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.LER
Paloalto	generic.ml
Alibaba	Trojan:MSIL/Generic.c32e962d
Comodo	Heur.Corrupt.PE@1z141z3
DrWeb	Trojan.Inject4.29677
Zillya	Downloader.Agent.Win32.466748
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Sophos	Generic PUA PN (PUA)
APEX	Malicious
Jiangmin	TrojanSpy.MSIL.chxj
Microsoft	Program:Win32/Uwamson.A!ml
Cynet	Malicious (score: 100)
Ikarus	Trojan-Downloader.MSIL.Agent
Tencent	Msil.Trojan-downloader.Agent.Jmh
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Agent.LER!tr.dldr
CrowdStrike	win/malicious_confidence_70% (W)

How to remove MSIL/TrojanDownloader.Agent.LER?

MSIL/TrojanDownloader.Agent.LER removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X