Trojan.MSIL.Agent.fofq removal guide

The Trojan.MSIL.Agent.fofq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.MSIL.Agent.fofq virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan.MSIL.Agent.fofq?


File Info:
name: BDAAAAC47FB6EB9D2CE2.mlw
path: /opt/CAPEv2/storage/binaries/835cf52ada8708b4f915354b4fbece9883835615f99e769067d272e592dbdcd4
crc32: 89A2E082
md5: bdaaaac47fb6eb9d2ce205a77aa6141e
sha1: db57e8f38a4e165c2f6ae0a474b4e008976b0d57
sha256: 835cf52ada8708b4f915354b4fbece9883835615f99e769067d272e592dbdcd4
sha512: 30d1ab155669b4f94088f20216ae90ba03b9ff21d104785c8871936a4041f3e2b2da5b632a8d3217702b28777c3f70f8016b87dfe992432801b8591ed2b698c2
ssdeep: 3072:9xiN69oNmoaelUsqFKlKy6M3L6ZHfXo3AVto/eM2Ubw0Q8RZzFPk2I111KYTI1Uv:9g9VGJEPTiFVtoWMhHMzTy1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC24E082F746E295CC6E0E30C990D0E0573BB4DBAE11888636E4711E69F2366D463F77
sha3_384: 2033b3e8ee918cef6edae2668cd9664f10515c6386b13af64bb36b51101bb1cf8ba200efc79f9898baaa8b5e945cba44
ep_bytes: 8bec609ce9f3b9000000000000000000
timestamp: 2015-10-06 06:10:23

Version Info:
CompanyName: Microsoft 
FileDescription: Microsoft Photo Viewer 
FileVersion: 1.0.0.0
InternalName: filescan.exe
LegalCopyright: Microsoft Photo Viewer Copyright ©  2015 
OriginalFilename: filescan.exe
ProductName: windowsscan
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
Translation: 0x0000 0x04b0

Trojan.MSIL.Agent.fofq also known as:

ClamAV	Win.Spyware.CrimsonRat-9859243-0
Cylance	Unsafe
Cybereason	malicious.38a4e1
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Small.AAP
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	Trojan.MSIL.Agent.fofq
NANO-Antivirus	Trojan.Win32.Dwn.dzwukj
Rising	Downloader.Small!8.B41 (TFE:dGZlOgwI8gvQrH3Bvw)
Sophos	Troj/Foreign-AF
F-Secure	Heuristic.HEUR/AGEN.1203635
DrWeb	Trojan.DownLoader16.59011
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.bdaaaac47fb6eb9d
Ikarus	Trojan-Downloader.MSIL.Small
Jiangmin	Trojan.MSIL.nreg
Avira	HEUR/AGEN.1203635
Antiy-AVL	Trojan/Win32.SGeneric
ZoneAlarm	Trojan.MSIL.Agent.fofq
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
Acronis	suspicious
Malwarebytes	Malware.Heuristic.1001
SentinelOne	Static AI – Malicious PE
BitDefenderTheta	Gen:NN.ZemsilF.34796.mm0@aijHx7m
AVG	Win32:DropperX-gen [Drp]
Avast	Win32:DropperX-gen [Drp]

How to remove Trojan.MSIL.Agent.fofq?

Trojan.MSIL.Agent.fofq removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X