OScope.TrojanDropper.MSIL.Agent removal guide

The OScope.TrojanDropper.MSIL.Agent is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What OScope.TrojanDropper.MSIL.Agent virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine OScope.TrojanDropper.MSIL.Agent?


File Info:
name: C4767249B9E0BA0E68D6.mlw
path: /opt/CAPEv2/storage/binaries/c8c1913840fbcf4e114a1ff1b2639ec72e95463de32d636150940193bdbff803
crc32: 5695B6BB
md5: c4767249b9e0ba0e68d60a7e65f497d0
sha1: e969b0e17a1409e30f861e3395d31a94481f8075
sha256: c8c1913840fbcf4e114a1ff1b2639ec72e95463de32d636150940193bdbff803
sha512: 8ddbb5bf287a05f89e983c5c5cd9c4b6308b847e52a5e63e9b0c4d9b79aa5b1f2e70b39305c80c70756934ccded5cf75479abb11d638d22614fecec8fd11cc17
ssdeep: 3072:dL+XUGYtm/G/m3uVE+PWGPWvXPN9PmfcVszlPwNBsH2P/Pd9Ul/GOPU14NBO29Mj:p+XUG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFE47FB13B5E9E7C8CABD7B2C0C674D315E58ADE847506ED83A65B33331A90B053981E
sha3_384: ea1739969483b82d51a86ec03bdf19d2852d467033f84878d9e4fc9da2ceb4a7b46d72cac9e5ce6fa004376555c131ec
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-09-27 00:11:05

Version Info:
Translation: 0x0000 0x04b0
FileDescription: WindowsApplication1
FileVersion: 1.0.0.0
InternalName: WindowsApplication1.exe
LegalCopyright: Copyright ©  2023
OriginalFilename: WindowsApplication1.exe
ProductName: WindowsApplication1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

OScope.TrojanDropper.MSIL.Agent also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.17a140
Cyren	W32/MSIL_Troj.CNQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.TTT
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Generic
Avast	Win32:DropperX-gen [Drp]
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:zWMqDJ6BQFxoxvToBFS+Gg)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
FireEye	Generic.mg.c4767249b9e0ba0e
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
Avira	TR/Dropper.MSIL.Gen
Microsoft	Trojan:MSIL/NjRat.NEAE!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Generic
GData	MSIL.Trojan.Agent.AUM
Google	Detected
AhnLab-V3	Win-Trojan/MSILKrypt09.Exp
VBA32	OScope.TrojanDropper.MSIL.Agent
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.SHW!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove OScope.TrojanDropper.MSIL.Agent?

OScope.TrojanDropper.MSIL.Agent removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X