TrojanClicker.MSIL.Agent removal guide

TrojanClicker.MSIL.Agent is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanClicker.MSIL.Agent virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Created network traffic indicative of malicious activity

Related domains:

www.monopolizationnoteworthy.pw
www3.monopolizationnoteworthy.pw

How to identify TrojanClicker.MSIL.Agent?


File Info:

name: ED77B1D971EBC52DBD24.mlw
path: /opt/CAPEv2/storage/binaries/0969d244052d81187625a56d9a1335ab305bee5ee4241402c7fffa66a4ea6c50
crc32: F5098C18
md5: ed77b1d971ebc52dbd24acbde9504b43
sha1: 755bfbafcfe319001b4adca063b1eba82c87d526
sha256: 0969d244052d81187625a56d9a1335ab305bee5ee4241402c7fffa66a4ea6c50
sha512: 572b6d56b8b9d318aa2cef5ccc0b01ae9e2f682127e232af969fdfceb7c43f8b72849b22a28b64ea4995443570c904b91301b25702a137ea159a27382e4019dc
ssdeep: 192:WUaMis2quIDw8IDwBIDRNVP3nnpszYcHeUZ:EMis2qukw8kwCRNVP3nn6zYcHeUZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4424104AEAB422FCB7E313229E59E037E2FF7DF3E46B669744D0B0A1B132049552D59
sha3_384: 288021051d84481833caef502e2cea604721f48798771ac9093537f065deda38da86ba05d75a64d1cc4c5153c3749ff2
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-12-22 04:26:52

Version Info:

Translation: 0x0000 0x04b0
Comments: $AssemblyDescription
CompanyName: Muy
FileDescription: Muy
FileVersion: 6.7.6.192
InternalName: muy.exe
LegalCopyright: Copyright © Muy 2017
LegalTrademarks: © 2017 Muy
OriginalFilename: muy.exe
ProductName: Muy
ProductVersion: 6.7.6.192
Assembly Version: 6.7.6.192

TrojanClicker.MSIL.Agent also known as:

Lionic: Trojan.MSIL.Agent.8!c
Elastic: malicious (high confidence)
DrWeb: Trojan.ClickNET.1
MicroWorld-eScan: IL:Trojan.MSILZilla.8914
FireEye: Generic.mg.ed77b1d971ebc52d
McAfee: PUP-GUE
Sangfor: Trojan.MSIL.Agent.aue
K7AntiVirus: Trojan ( 00528a331 )
Alibaba: TrojanClicker:MSIL/AdwareX.44fbea2b
K7GW: Trojan ( 00528a331 )
Cybereason: malicious.971ebc
BitDefenderTheta: Gen:NN.ZemsilF.34294.am0@aawOo!b
Cyren: W32/S-4e75f222!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanClicker.Agent.NSP
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Clicker.MSIL.Agent.aue
BitDefender: IL:Trojan.MSILZilla.8914
NANO-Antivirus: Trojan.Win32.Dotdo.fbyfjz
Avast: Win32:AdwareX-gen [Adw]
Tencent: Msil.Trojan.Agent.Amvv
Ad-Aware: IL:Trojan.MSILZilla.8914
Emsisoft: IL:Trojan.MSILZilla.8914 (B)
Comodo: Application.MSIL.Dotdo.GI@8dtvh3
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Trojan.lt
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: IL:Trojan.MSILZilla.8914
Jiangmin: TrojanClicker.MSIL.vqc
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1110030
Antiy-AVL: Trojan/Generic.ASMalwS.24EB059
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.RL_Agent.C4347198
VBA32: TrojanClicker.MSIL.Agent
ALYac: IL:Trojan.MSILZilla.8914
Malwarebytes: Adware.DotDo.Generic
Yandex: Trojan.CL.Agent!7zn0ktiE1N0
Ikarus: Trojan.MSIL.TrojanClicker
eGambit: Unsafe.AI_Score_93%
Fortinet: MSIL/Agent.NSP!tr
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/GdSda.A

How to remove TrojanClicker.MSIL.Agent?

TrojanClicker.MSIL.Agent removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
