MSIL/TrojanDownloader.Agent.MFV removal

The MSIL/TrojanDownloader.Agent.MFV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.MFV virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Agent.MFV?


File Info:
name: AD00C3ADA2E1B73B5E91.mlw
path: /opt/CAPEv2/storage/binaries/a5a083e24e682fb40bc863b141aed6b48083a860def0dba7ddd74f39f25322ee
crc32: F4CE99E9
md5: ad00c3ada2e1b73b5e91479fde431c47
sha1: 06fa8b825b3a42bb33faf2ed30e4e182ab8c8193
sha256: a5a083e24e682fb40bc863b141aed6b48083a860def0dba7ddd74f39f25322ee
sha512: 6f0cfcfeed6b70ce27d31b99890d6c8d2d3d4984db3739fdb2efb14143a4a08a1f62eef1c9edf7f3cc7875e7200938656a14ddffd1fdfc9a8ba06814f1db3d98
ssdeep: 384:+RNWDgF17AcfyIFCKuu0tc4JuFWXEUW7Y:cNV7fLz4pXEq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142722B67FF4587B2D87C8A7D78166B000231FE4E9852AB1D358C41573DA338A45B27EB
sha3_384: 4f08a95f97b159c6b086a013640ca099d9efb9902c7c5686e536bbbe243cb396d5494e6bd53b2a434cb48790ca04a5af
ep_bytes: ff250020400000000000000000000000
timestamp: 2093-01-22 23:45:12

Version Info:
Translation: 0x0000 0x04b0
Comments: Action! Installer
CompanyName: Mirillis Ltd.
FileDescription: Action! Installer
FileVersion: 4.28.0.0
InternalName: Rnagl.exe
LegalCopyright: Copyright (C) 2009-2022 Mirillis Ltd.
LegalTrademarks: Mirillis
OriginalFilename: Rnagl.exe
ProductName: Action!
ProductVersion: 4.28.0.0
Assembly Version: 4.28.0.0

MSIL/TrojanDownloader.Agent.MFV also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.89012
FireEye	Trojan.GenericKDZ.89012
ALYac	Trojan.GenericKDZ.89012
Alibaba	TrojanDownloader:MSIL/Seraph.a36ff52a
Cyren	W32/MSIL_Kryptik.GSA.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.MFV
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
BitDefender	Trojan.GenericKDZ.89012
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Trojan.GenericKDZ.89012
Emsisoft	Trojan.GenericKDZ.89012 (B)
DrWeb	Trojan.Siggen18.10428
McAfee-GW-Edition	AgentTesla-FDIL!AD00C3ADA2E1
Ikarus	Trojan.MSIL.Inject
GData	Trojan.GenericKDZ.89012
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	PUP/Win.InstMonster.R418685
McAfee	AgentTesla-FDIL!AD00C3ADA2E1
MAX	malware (ai score=86)
Malwarebytes	Trojan.Downloader.MSIL.Generic
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/Agent.MFV!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.34742.bm0@au99AYm
AVG	Win32:PWSX-gen [Trj]

How to remove MSIL/TrojanDownloader.Agent.MFV?

MSIL/TrojanDownloader.Agent.MFV removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X