MSIL/TrojanDownloader.Agent.NEN removal instruction

The MSIL/TrojanDownloader.Agent.NEN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.NEN virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.NEN?


File Info:
name: B6F9C4A438A925B1BF87.mlw
path: /opt/CAPEv2/storage/binaries/90e65ab46ed0f2b2070cb5237f0f1abcaba13dbf3c637165159dbab0deff9e19
crc32: B583B0E6
md5: b6f9c4a438a925b1bf8783f4445435b3
sha1: 1bddb00440f165f98b6219bae1e1dd784ee3dc41
sha256: 90e65ab46ed0f2b2070cb5237f0f1abcaba13dbf3c637165159dbab0deff9e19
sha512: 11d177d3a4e72f3cd0743911135bf17fdec40b9a197ef88eaa79296de53d78d8b24b63e423ec46aebf38dc93073319ce7c2d5637482eecdca9593740ab06a962
ssdeep: 49152:TBZ6v3/0HTj169yWEY969K22VwFHuejVoruy:TWv3/0HTj169yWEY969r2Vmo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T176D572862F88C533E249973AC6E36A2C93E7F40CA656D2C334E957B7345A7035D21B1E
sha3_384: 3d7fae8f124fc6bbda7e981cf56a27382d33f94527e38b58da344e2b79c9b1b416e3fcdb33de170f7fc6e11c76dfea79
ep_bytes: ff2588016a0000000000000000005c01
timestamp: 2023-08-19 23:55:52

Version Info:
Translation: 0x0000 0x04b0
Comments: BzNTMwKcQXPgtPJWoHbBLFyG
CompanyName: wPXGCkMpLoNDFfTn
FileDescription: zWTHgXpHJFcGwTDKfCESrAdY
FileVersion: 46.82.29.188
InternalName: ZtSXJ
LegalCopyright: ZqNKB
OriginalFilename: ZtSXJ
ProductName: AwARPgJaWtBHTKsdNEMCc
ProductVersion: 46.82.29.188
Assembly Version: 46.82.29.188

MSIL/TrojanDownloader.Agent.NEN also known as:

Elastic	malicious (high confidence)
McAfee	GenericRXVQ-ET!B6F9C4A438A9
Malwarebytes	Crypt.Trojan.MSIL.DDS
Sangfor	Virus.Win32.Save.a
BitDefender	IL:Trojan.MSILZilla.26396
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Agent.EZD.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.NEN
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
MicroWorld-eScan	IL:Trojan.MSILZilla.26396
Rising	Spyware.SnakeLogger!8.15FDD (TFE:dGZlOg0gU0ST/JFS3A)
Emsisoft	IL:Trojan.MSILZilla.26396 (B)
F-Secure	Heuristic.HEUR/AGEN.1310181
DrWeb	Trojan.Siggen19.9878
VIPRE	IL:Trojan.MSILZilla.26396
McAfee-GW-Edition	GenericRXVQ-ET!B6F9C4A438A9
FireEye	IL:Trojan.MSILZilla.26396
Ikarus	Trojan.MSIL.Krypt
Avira	HEUR/AGEN.1310181
MAX	malware (ai score=86)
Microsoft	Trojan:MSIL/AveMaria.NECT!MTB
Arcabit	IL:Trojan.MSILZilla.D671C
ZoneAlarm	HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
GData	IL:Trojan.MSILZilla.26396
Google	Detected
AhnLab-V3	Infostealer/Win.RequestPOST.C5337962
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.36350.No0@ayamlDd
ALYac	IL:Trojan.MSILZilla.26396
VBA32	OScope.Malware-Cryptor.MSIL.Agent
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.AGXL!tr
CrowdStrike	win/malicious_confidence_90% (D)

How to remove MSIL/TrojanDownloader.Agent.NEN?

MSIL/TrojanDownloader.Agent.NEN removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X