What is “Trojan:MSIL/Convagent!atmn”?

The Trojan:MSIL/Convagent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Convagent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Convagent!atmn?


File Info:
name: A4101BC3537CA8B76A37.mlw
path: /opt/CAPEv2/storage/binaries/a42f5d9e58d594dd109fb160444a73544dce25ac767c27d8d8bcd1ce2d019ef4
crc32: 7844FED6
md5: a4101bc3537ca8b76a37c203e791e4a7
sha1: ac60e24e057acfc50768440197fea1989a34e9c0
sha256: a42f5d9e58d594dd109fb160444a73544dce25ac767c27d8d8bcd1ce2d019ef4
sha512: 1c4314565d54b07f940e9998f7507ce8849e6482467b9409990451b38f1f3eb1c386402ca0a49c882c78186c25925562208cbb25784846cef8af0fce39cc0b52
ssdeep: 96:WwUQ1fWDU9RB1ra5MLGyXwdjWjP+5/z1WdSpH27GnfcJU/SW5PfXGhFoK:W/21Di5MX4GG5JH6G0k53XC
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1D5F10B0667FA0146F0BF8F3C5DF18685D1BAF2269F17E65F2C91828D18732610F51A74
sha3_384: 757f52e81a18ea6dae69fe6e54fe9ac423a9a50f8a22700e38a53f21d9906c7adbcfbc26ab19e5e8ff85c4d917e1cce0
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-02-19 04:03:57

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: jbytrdhq.dll
LegalCopyright:  
OriginalFilename: jbytrdhq.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Convagent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
DrWeb	Trojan.InjectNET.47
MicroWorld-eScan	Gen:Variant.Bulz.689297
ClamAV	Win.Packed.Rozena-9918685-0
CAT-QuickHeal	Trojan.SabsikFC.S24736384
Skyhigh	GenericRXOD-HW!A4101BC3537C
McAfee	GenericRXOD-HW!A4101BC3537C
Malwarebytes	Trojan.Injector
Zillya	Trojan.RozenaGen.Win32.1
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005aafeb1 )
K7GW	Trojan ( 005aafeb1 )
CrowdStrike	win/malicious_confidence_100% (W)
VirIT	Trojan.Win32.MSIL.BUY
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Rozena.W
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Convagent.gen
BitDefender	Gen:Variant.Bulz.689297
Avast	Win32:TrojanX-gen [Trj]
Tencent	Trojan.MSIL.Rozena.ha
TACHYON	Trojan/W32.DN-Convagent.7680.B
Emsisoft	Gen:Variant.Bulz.689297 (B)
F-Secure	Trojan.TR/Rozena.irpye
VIPRE	Gen:Variant.Bulz.689297
TrendMicro	TROJ_GEN.R011C0DBK24
FireEye	Generic.mg.a4101bc3537ca8b7
Sophos	Troj/Rozena-AD
Ikarus	Trojan.MSIL.Rozena
Google	Detected
Avira	TR/Rozena.irpye
Microsoft	Trojan:MSIL/Convagent!atmn
Arcabit	Trojan.Bulz.DA8491
ZoneAlarm	HEUR:Trojan.MSIL.Convagent.gen
GData	MSIL.Backdoor.Rozena.H
Varist	W32/Rozena.DE.gen!Eldorado
AhnLab-V3	Trojan/Win.HW.C4704805
Acronis	suspicious
ALYac	Gen:Variant.Bulz.689297
MAX	malware (ai score=88)
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R011C0DBK24
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Rozena.W!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Convagent!atmn?

Trojan:MSIL/Convagent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X