How to remove “MSIL/TrojanDownloader.Agent.NUJ”?

The MSIL/TrojanDownloader.Agent.NUJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.NUJ virus can do?

CAPE extracted potentially suspicious content
.NET file is packed/obfuscated with SmartAssembly
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.NUJ?


File Info:
name: A889F725271D3CBE274B.mlw
path: /opt/CAPEv2/storage/binaries/eb5a9e515438c29a2efc43fcf8472237e60900c9cd9efcc2e2f3cb8203d1e0e1
crc32: DB3E2AC7
md5: a889f725271d3cbe274bc4e4ac2fd40a
sha1: ff7fd18d0f308afe1e79bdc9eb2f764d0a72ab0a
sha256: eb5a9e515438c29a2efc43fcf8472237e60900c9cd9efcc2e2f3cb8203d1e0e1
sha512: 37650b05ffec3f1797fda9e39e067b36bf481e60cb0f3e20524d698827bc9aec5198761ea9d638cc1891696f1ac787dff48e962e329d2e66a54de96b200dfe56
ssdeep: 3072:bd7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/9n/87gUHCzQgtn9LXCk9aPE:pG5FJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFC321827146DCDAD45328F2586ED57060B47ECF8165CA0D3B83BF2A94E734234A7B9E
sha3_384: edc2d6cf7e782f707e6a9e57f7263b7c71af9e6f7eb4a67d792a2b344c2f146311d170487e48025c9b0f88c7e6465815
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-10-20 16:24:37

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: 10-20-Pago.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 10-20-Pago.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.NUJ also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.MSIL.Wagex.a!c
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Heur.MSIL.Bladabindi.1
McAfee	Artemis!A889F725271D
Cylance	Unsafe
VIPRE	Gen:Heur.MSIL.Bladabindi.1
Alibaba	TrojanDownloader:MSIL/Wagex.7e6f70af
Cybereason	malicious.5271d3
Cyren	W32/MSIL_Downldr.G.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.NUJ
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Downloader.MSIL.Wagex.gen
BitDefender	Gen:Heur.MSIL.Bladabindi.1
Avast	DropperX-gen [Drp]
Ad-Aware	Gen:Heur.MSIL.Bladabindi.1
Emsisoft	Gen:Heur.MSIL.Bladabindi.1 (B)
McAfee-GW-Edition	Artemis
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.a889f725271d3cbe
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.MSIL.Bladabindi.1
MAX	malware (ai score=89)
Arcabit	Trojan.MSIL.Bladabindi.1
Microsoft	Trojan:Win32/Woreflint.A!cl
Google	Detected
VBA32	Downloader.MSIL.gen.rexp
Malwarebytes	Trojan.Downloader
Rising	Downloader.Wagex!8.15ADE (CLOUD)
Ikarus	Trojan-Downloader.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
BitDefenderTheta	Gen:NN.ZemsilF.34726.hm0@aKxlJ1p
AVG	DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove MSIL/TrojanDownloader.Agent.NUJ?

MSIL/TrojanDownloader.Agent.NUJ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X