What is “Trojan:MSIL/Convagent!atmn”?

The Trojan:MSIL/Convagent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Convagent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Convagent!atmn?


File Info:
name: C9AEEDA2F7510F2D176A.mlw
path: /opt/CAPEv2/storage/binaries/10a6af687447db77d69e58bec3133ec133fedcfa0490ffae67ca8fa65b0ead0f
crc32: 6B79B4A1
md5: c9aeeda2f7510f2d176aae68cbb95d03
sha1: 918926ba63e54df341bbfffcc6f33ce51a23e646
sha256: 10a6af687447db77d69e58bec3133ec133fedcfa0490ffae67ca8fa65b0ead0f
sha512: da51ac7343415566c1e566478e90895c98ab4ef7d3fe0a3fb64fb0df3ef50aef41b71ba3fc05a7096ef18d6520d897399b540679547fe48892ce7daedb55a828
ssdeep: 96:LwUQ7fODU9Rl1ra5MLGBXwbkjWjP+5/zcWdSpH27GnfcJU/SW5PfXkh5bK:L/UdD+5DXo0GG5oH6G0k53X3
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T158F1FA06A7FA0146E0BFCB3C5DF19686D1BAF226AF17E61F2C91428D18732610F51A78
sha3_384: 4b7879720cfa36eee3b76c1d6b9af95b460a1eec1ec1c1d7a5886d0e8553cc7ba86fb3956ff417e72869d28b9d0101a4
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-03-11 18:56:33

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: zl2bmqqh.dll
LegalCopyright:  
OriginalFilename: zl2bmqqh.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Convagent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.125806
FireEye	Generic.mg.c9aeeda2f7510f2d
CAT-QuickHeal	Trojan.SabsikFC.S24736384
Skyhigh	GenericRXOD-HW!C9AEEDA2F751
McAfee	GenericRXOD-HW!C9AEEDA2F751
Malwarebytes	Trojan.Injector
Zillya	Trojan.RozenaGen.Win32.1
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005aafeb1 )
K7GW	Trojan ( 005aafeb1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Rozena.W
APEX	Malicious
ClamAV	Win.Packed.Rozena-9918685-0
Kaspersky	HEUR:Trojan.MSIL.Convagent.gen
BitDefender	Gen:Variant.Tedy.125806
Avast	Win32:TrojanX-gen [Trj]
Tencent	Trojan.MSIL.Rozena.ha
TACHYON	Trojan/W32.DN-Convagent.7680
Sophos	Troj/Rozena-AD
F-Secure	Trojan.TR/Rozena.jwdbp
DrWeb	Trojan.InjectNET.47
VIPRE	Gen:Variant.Tedy.125806
Emsisoft	Gen:Variant.Tedy.125806 (B)
Ikarus	Trojan.MSIL.Rozena
Google	Detected
Avira	TR/Rozena.jwdbp
Varist	W32/Rozena.DE.gen!Eldorado
Microsoft	Trojan:MSIL/Convagent!atmn
Arcabit	Trojan.Tedy.D1EB6E
ZoneAlarm	HEUR:Trojan.MSIL.Convagent.gen
GData	MSIL.Backdoor.Rozena.H
AhnLab-V3	Trojan/Win.HW.C4704805
Acronis	suspicious
MAX	malware (ai score=88)
Rising	Trojan.Rozena!8.6D (TOPIS:E0:BquTqvs5EHO)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Rozena.W!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Convagent!atmn?

Trojan:MSIL/Convagent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X