MSIL/TrojanDownloader.Agent.MGA removal

The MSIL/TrojanDownloader.Agent.MGA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.MGA virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.MGA?


File Info:
name: 9CEFE1137BD96CA7EE37.mlw
path: /opt/CAPEv2/storage/binaries/391170495ae47cdaaf3ff588721ca63a4565385e0bd8ebf4eeb4251a838214df
crc32: 8FC49F99
md5: 9cefe1137bd96ca7ee378143ce4706cf
sha1: 38b101a432c2be55edbbdd68cccbdafb195d7941
sha256: 391170495ae47cdaaf3ff588721ca63a4565385e0bd8ebf4eeb4251a838214df
sha512: 1ad796c69003aa39b01e18fa8ac7b21c379a6fb676882afabc20fb2c659322e203601b2e5ee22aae9f257bd05a4afc3952ec7efb52c37d19bba920c07d33eb76
ssdeep: 49152:61aR+axysYC6syUkoPaPS2AJNyxUP+MkQ1WYhz2:6cutClVkoOSfJNAUWgM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AF064763315F86C5D0A1BEF1F55152110A247E2A4266B188587EB1B907F2BE3CC7AECF
sha3_384: 33118f784c601f25340743bb884e6f731e0457544987e96ea2465817671e79ee77299e4fa3d8cd6b55b30916f34fecc0
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-20 18:34:13

Version Info:
Translation: 0x0000 0x04b0
Comments: Simple editor with encryption features
CompanyName: Crypto Notepad
FileDescription: Crypto Notepad
FileVersion: 1.7.0.0
InternalName: Crypto Notepad.exe
LegalCopyright: Sigmanor
LegalTrademarks: Crypto Notepad
OriginalFilename: Crypto Notepad.exe
ProductName: Crypto Notepad
ProductVersion: 1.7.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.MGA also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.10243
FireEye	Gen:Variant.Lazy.10243
CAT-QuickHeal	Trojan.MsilFC.S26035661
McAfee	GenericRXRV-IJ!9CEFE1137BD9
VIPRE	Gen:Variant.Lazy.10243
Cyren	W32/MSIL_Kryptik.EJI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.MGA
ClamAV	Win.Trojan.WPDownloader-9939915-0
Kaspersky	HEUR:Trojan-PSW.MSIL.Stelega.gen
BitDefender	Gen:Variant.Lazy.10243
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Variant.Lazy.10243
Emsisoft	Gen:Variant.Lazy.10243 (B)
DrWeb	Trojan.Siggen15.51495
McAfee-GW-Edition	GenericRXRV-IJ!9CEFE1137BD9
GData	Gen:Variant.Lazy.10243
Jiangmin	Trojan.PSW.MSIL.cyrz
Avira	HEUR/AGEN.1236036
MAX	malware (ai score=80)
Arcabit	Trojan.Lazy.D2803
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Dropper/Win.Generic.C4773527
ALYac	Gen:Variant.Lazy.10243
Malwarebytes	Malware.AI.1931333025
Rising	Trojan.Generic/MSIL@AI.94 (RDM.MSIL:4cZ4woxLrLO+FzIl3LB+WQ)
Ikarus	Win32.Outbreak
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (W)

How to remove MSIL/TrojanDownloader.Agent.MGA?

MSIL/TrojanDownloader.Agent.MGA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X