About “Troj/MSIL-QVQ” infection

The Troj/MSIL-QVQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Troj/MSIL-QVQ virus can do?

Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Troj/MSIL-QVQ?


File Info:
name: 31804220D25A541ABA8A.mlw
path: /opt/CAPEv2/storage/binaries/5c482c6170e5d928dd110598cad05fdf26ecdfcdc246a4ccd1eab16315e9e38c
crc32: 3811BF47
md5: 31804220d25a541aba8a26b9c1ee350e
sha1: b10827d9aa8fa8de5805c7a4300791bcc579d2ba
sha256: 5c482c6170e5d928dd110598cad05fdf26ecdfcdc246a4ccd1eab16315e9e38c
sha512: df3e40458d6c14fe716034df8fdad5460b5589aa1841231cfac52141e8804ae3867a89a381056f5de4d702f831e52c310588a8dfeea38611362c4560f92c99cd
ssdeep: 96:+EnmIraBscE2VYlnlYJnLEM/mTL0Kf9eg1VtXmrLhKK:+KmBVInlYJL/eTLTe
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1E5C1C61297F442B2C69B07730DB32B029B71D704EFA7EB6F0890A33259E29484662776
sha3_384: edb0188f753964b07563cddb0d53f9e359e66afe788d8fd950a84e7b8d033b80588d219c17d50d960600819f611d4382
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-08-02 04:01:58

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: mqtwrcs9.dll
LegalCopyright:  
OriginalFilename: mqtwrcs9.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Troj/MSIL-QVQ also known as:

Bkav	W32.Jnk.ZegostTTc.Worm
Skyhigh	BehavesLike.Win32.BadFile.xt
McAfee	Artemis!31804220D25A
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (W)
K7GW	Trojan ( 004f17611 )
K7AntiVirus	Trojan ( 004f17611 )
Sophos	Troj/MSIL-QVQ
Varist	W32/MSIL_Agent.BSW.gen!Eldorado
Microsoft	Program:Win32/Wacapew.C!ml
ViRobot	Trojan.Win32.Small.6144.T
Google	Detected
Rising	Trojan.Agent!1.A47E (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.BSW!tr
DeepInstinct	MALICIOUS

How to remove Troj/MSIL-QVQ?

Troj/MSIL-QVQ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X