MSIL/TrojanDownloader.Agent.NAD removal guide

The MSIL/TrojanDownloader.Agent.NAD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.NAD virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.NAD?


File Info:
name: 84223BD34F87E495BE7B.mlw
path: /opt/CAPEv2/storage/binaries/948ffd49affd27c965958b0c7c224e0f7b476373fc0a2f8fb712a74a02da1a62
crc32: D8870777
md5: 84223bd34f87e495be7b272533353522
sha1: e8cef0491285a93fe4c4f401ec8af0a59a06b186
sha256: 948ffd49affd27c965958b0c7c224e0f7b476373fc0a2f8fb712a74a02da1a62
sha512: 213372e9fb993fe1fb79365f03ba058432cbe2959108a41c7f5eb97466aa48e44c92db52c48951dd5fb760551b44807a8487eb70fcde5635abcdda152f7df49e
ssdeep: 192:+P1aR7FYuqdvr0LHLsLcI/qBTdhLi5JT8DccQ0IVGOB:KaR7FYuq1QLHLsLciST7LScQ0IY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16712D57E63EC037AC6B2CF3268A362853B35A717BA168E5E70C542098C5371067D27A9
sha3_384: 177847bcb40e52e9bb22d33e944b0c78d63ba042af0589986274594c5ec44104e7d201ee71ebf08a3875eca4255ac14f
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-10-01 17:48:40

Version Info:
Translation: 0x0000 0x04b0
FileDescription: WindowsFormsApplication1
FileVersion: 1.0.0.0
InternalName: WindowsFormsApplication1.exe
LegalCopyright: Copyright ©  2022
OriginalFilename: WindowsFormsApplication1.exe
ProductName: WindowsFormsApplication1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.NAD also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.MSIL.Injector.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.84223bd34f87e495
Cylance	Unsafe
Sangfor	Downloader.Msil.Agent.Vh34
Alibaba	Trojan:MSIL/Injector.98041d98
Symantec	MSIL.Downloader!gen2
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.NAD
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002H0CJ622
Kaspersky	HEUR:Trojan.MSIL.Injector.gen
Avast	Win32:DropperX-gen [Drp]
Tencent	Msil.Trojan-Downloader.Ader.Ekjl
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	TR/Dldr.Agent.nggqj
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Win32.Trojan.Agent.I098ND
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Gen.Generic.C5272731
McAfee	Artemis!84223BD34F87
Rising	Trojan.Generic/MSIL@AI.98 (RDM.MSIL:XdSC+8BzqDcNyVkcYfC0rw)
Ikarus	Trojan.MSIL.Krypt
Fortinet	PossibleThreat
AVG	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove MSIL/TrojanDownloader.Agent.NAD?

MSIL/TrojanDownloader.Agent.NAD removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X