About “Troj/MSIL-QVQ” infection

Troj/MSIL-QVQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Troj/MSIL-QVQ virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Troj/MSIL-QVQ?


File Info:

name: 64598D4F654423CABA09.mlw
path: /opt/CAPEv2/storage/binaries/891ba97383ff12409a191032014bf0a8be3d785c1a919a607333f839199e9be5
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2016-08-01 02:19:04

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: ys8qslam.dll
LegalCopyright:
OriginalFilename: ys8qslam.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Troj/MSIL-QVQ also known as:

Bkav: W32.Jnk.ZegostTTc.Worm
Lionic: Trojan.Win32.Generic.4!c
Skyhigh: Artemis
McAfee: Artemis!64598D4F6544
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004f17611 )
K7GW: Trojan ( 004f17611 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: SecurityRisk.gen1
Sophos: Troj/MSIL-QVQ
Varist: W32/MSIL_Agent.BSW.gen!Eldorado
ViRobot: Trojan.Win32.Small.6144.T
Google: Detected
Rising: Trojan.Agent!1.A47E (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.BSW!tr
DeepInstinct: MALICIOUS

How to remove Troj/MSIL-QVQ?

Troj/MSIL-QVQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
