MSIL/TrojanDownloader.Agent.QGY removal instructions

MSIL/TrojanDownloader.Agent.QGY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent.QGY virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary file triggered YARA rule

How to identify MSIL/TrojanDownloader.Agent.QGY?


File Info:

name: D3E0800E550889AD4527.mlw
path: /opt/CAPEv2/storage/binaries/41ed808a203e53bf5ad402ddf8af2f4434a17e94ac58224231d936669fd0b229
crc32: 625B83F0
md5: d3e0800e550889ad45270980ca5d31d2
sha1: 3cc43700ce7b812c3c90d74b1fb7757cc14dd026
sha256: 41ed808a203e53bf5ad402ddf8af2f4434a17e94ac58224231d936669fd0b229
sha512: bf4b5ae13f5ae0371d87c33245e54271f45b93a213adc9cc7328d10df1f249efb165718d4949b1320e9223a3d8d313460d9386599ede0366842b527c03a3be1c
ssdeep: 768:Y/qvB/iUdgf7x44gpjoc3+0gJou/WDkdR0ybsazEPMV8PMeNkyAqFnviseo:hJqpXSotK5aeN5Jxviseo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13853D517BABA85B1C6445B77C59B51000362D5F1BF33D71A74AE237E3903BFA980A60B
sha3_384: 9b89cfbba237ad7cfb4aaa6dc081a4b8e509e3d1413d866b2cc3eb551ed6d69807459593a17011e30f3c4113145fb6b2
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-01-15 00:24:23

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName: off.exe
LegalCopyright:
LegalTrademarks:
OriginalFilename: off.exe
ProductName:
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.QGY also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Mardom.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.71570326
Skyhigh: BehavesLike.Win32.Generic.km
ALYac: Trojan.GenericKD.71570326
Cylance: unsafe
Zillya: Downloader.Agent.Win32.544344
Sangfor: Downloader.Msil.Mardom.Vj7h
K7AntiVirus: Trojan-Downloader ( 005b0b721 )
BitDefender: Trojan.GenericKD.71570326
K7GW: Trojan-Downloader ( 005b0b721 )
Cybereason: malicious.e55088
BitDefenderTheta: Gen:NN.ZemsilF.36802.em0@aGAsYPk
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: MSIL.Downloader!gen7
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.QGY
APEX: Malicious
Kaspersky: HEUR:Trojan.MSIL.PureCrypt.gen
Alibaba: Trojan:MSIL/Mardom.2fde9c23
ViRobot: Trojan.Win.Z.Agent.66560.ASW
Avast: Win32:KeyloggerX-gen [Trj]
Rising: Downloader.Agent!8.B23 (CLOUD)
Emsisoft: Trojan.GenericKD.71570326 (B)
F-Secure: Heuristic.HEUR/AGEN.1323343
VIPRE: Trojan.GenericKD.71570326
Trapmine: malicious.moderate.ml.score
FireEye: Trojan.GenericKD.71570326
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Varist: W32/MSIL_Agent.EBF.gen!Eldorado
Avira: HEUR/AGEN.1323343
MAX: malware (ai score=100)
Antiy-AVL: Trojan/MSIL.Mardom
Kingsoft: Win32.Troj.Generic.v
Xcitium: Malware@#3j2wcwvfluy0c
Arcabit: Trojan.Generic.D4441396
ZoneAlarm: HEUR:Trojan.MSIL.PureCrypt.gen
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5578676
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Downloader.MSIL.Generic
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Trojan.MSIL.MARDOM.C
Tencent: Malware.Win32.Gencirc.13febd63
Yandex: Trojan.PureCrypt!+GEC8Am2TkI
Ikarus: Trojan.MSIL.Inject
Fortinet: MSIL/Kryptik.AKOM!tr
AVG: Win32:KeyloggerX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan[downloader]:MSIL/PureCrypt.gen

How to remove MSIL/TrojanDownloader.Agent.QGY?

MSIL/TrojanDownloader.Agent.QGY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
