About “Trojan:MSIL/Convagent!atmn” infection

The Trojan:MSIL/Convagent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Convagent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Convagent!atmn?


File Info:
name: 2DDF5A3716350F027A9D.mlw
path: /opt/CAPEv2/storage/binaries/1a976d47784b6b4cc24aa3ac7a5143ba75a55f66389a8750533aa81612c237e9
crc32: 2D31890F
md5: 2ddf5a3716350f027a9db42aa73e95e0
sha1: 7f53963cafd451bf428f07f3d61a744e5f03b659
sha256: 1a976d47784b6b4cc24aa3ac7a5143ba75a55f66389a8750533aa81612c237e9
sha512: 0d06a0c00a6578db80d61c171078c02b22c094ffb1cea61d1d13eddf7fc9bb0688768545f7f842a75a53dc85e8af07c6d12504e843c1e47c6b3ffa126b949e59
ssdeep: 96:JwUQ7fODU9Rl1ra5MLGMXwU4jWjP+5/zcWdSpH27GnfcJU/SW5PfXYh52K:J/UdD+5aXWGG5oH6G0k53Xm
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1CCF10A06A7FA0146E0BFCB7C5DF18685D1BAF226AF17E71F2C91428D19B32610F51A78
sha3_384: 5dc3cf9ed96587fb8faa6a6cd1b46e21639be4c7ef945fd9342968ed7ec929b17a72cd8b133102e41aa5e801d88d6e6d
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-10-30 17:18:25

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: wbsmmnzr.dll
LegalCopyright:  
OriginalFilename: wbsmmnzr.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Convagent!atmn also known as:

Bkav	W32.Common.F19FB5ED
Lionic	Trojan.Win32.Rozena.4!c
Cynet	Malicious (score: 100)
FireEye	Generic.mg.2ddf5a3716350f02
CAT-QuickHeal	Trojan.SabsikFC.S24736384
Skyhigh	GenericRXOD-HW!2DDF5A371635
McAfee	GenericRXOD-HW!2DDF5A371635
Cylance	unsafe
Zillya	Trojan.RozenaGen.Win32.1
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005aafeb1 )
Alibaba	Trojan:MSIL/Convagent.77daf567
K7GW	Trojan ( 005aafeb1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Rozena.W
APEX	Malicious
ClamAV	Win.Packed.Rozena-9918685-0
Kaspersky	HEUR:Trojan.MSIL.Convagent.gen
BitDefender	Gen:Variant.Tedy.125806
NANO-Antivirus	Trojan.Win32.Convagent.kczoyr
MicroWorld-eScan	Gen:Variant.Tedy.125806
Avast	Win32:TrojanX-gen [Trj]
Tencent	Trojan.MSIL.Rozena.ha
TACHYON	Trojan/W32.DN-Convagent.7680
Emsisoft	Gen:Variant.Tedy.125806 (B)
F-Secure	Trojan.TR/Rozena.amdsm
DrWeb	Trojan.InjectNET.47
VIPRE	Gen:Variant.Tedy.125806
TrendMicro	TROJ_GEN.R011C0DK123
Sophos	Troj/Rozena-AD
Ikarus	Trojan.MSIL.Rozena
GData	MSIL.Backdoor.Rozena.H
Varist	W32/Rozena.DE.gen!Eldorado
Avira	TR/Rozena.amdsm
Arcabit	Trojan.Tedy.D1EB6E
ZoneAlarm	HEUR:Trojan.MSIL.Convagent.gen
Microsoft	Trojan:MSIL/Convagent!atmn
Google	Detected
AhnLab-V3	Trojan/Win.HW.C4704805
ALYac	Gen:Variant.Tedy.125806
MAX	malware (ai score=85)
Malwarebytes	Trojan.Injector
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R011C0DK123
Yandex	Trojan.Convagent!6pcA3DiC/z0
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Rozena.W!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Convagent!atmn?

Trojan:MSIL/Convagent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X