What is “TrojanSpy.MSIL.Quasar”?

The TrojanSpy.MSIL.Quasar is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanSpy.MSIL.Quasar virus can do?

Presents an Authenticode digital signature
Attempts to mimic the file extension of a Word 97-2003 document by having ‘doc’ in the file name.
Network activity detected but not expressed in API logs

How to determine TrojanSpy.MSIL.Quasar?


File Info:
crc32: 320C2327
md5: 331a1f87540a962e5cab4eaab6f8ba51
name: Bank Details.doc.exe
sha1: 024d8fbef1c8c44170ee5ce0223cd29e68aecc18
sha256: 0c1eb3ab2996a140f1f7ac4e978fa77a6c3ea11a001378e7e1fdb76a349dd3c0
sha512: cc96abeced856d07d41b31f664b41a9ff1c48d060d6ec873590c7b5578a8fcccfff31a593a995f6ac5a9c2e9c17a586209dc2e1ffe137b7fbccbc90c5e5cb75f
ssdeep: 12288:2yESD7Xba7r0K06UH9mdadPmAmpGAvvvbv/YbY8r1b+zFLwM80KM+lj8ka/lNFW:58ka/lNFWlvQmmm4
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
LegalCopyright: xa9 IObit. All rights reserved.
Assembly Version: 13.0.0.49
FileVersion: 13.0.0.49
CompanyName: IObit
LegalTrademarks: IObit
Comments: Advanced SystemCare Auto Sweep
ProductName: Advanced SystemCare
ProductVersion: 13.0.0.49
FileDescription: Advanced SystemCare Auto Sweep
OriginalFilename: Advanced SystemCare.exe
Translation: 0x0409 0x0514

TrojanSpy.MSIL.Quasar also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34705179
CAT-QuickHeal	TrojanSpy.MSIL
ALYac	Trojan.GenericKD.34705179
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.MSIL.Quasar.l!c
K7AntiVirus	Trojan ( 0056e2341 )
BitDefender	Trojan.GenericKD.34705179
K7GW	Trojan ( 0056e2341 )
CrowdStrike	win/malicious_confidence_90% (W)
TrendMicro	TrojanSpy.MSIL.QUASAR.USMANJ820
Cyren	W32/MSIL_Troj.YW.gen!Eldorado
Symantec	Trojan.Gen.MBT
Avast	Win32:DangerousSig [Trj]
Kaspersky	HEUR:Trojan-Spy.MSIL.Quasar.gen
Alibaba	Backdoor:MSIL/NanoBot.bf36abdd
NANO-Antivirus	Trojan.Win32.Quasar.hzdgtv
ViRobot	Trojan.Win32.Z.Genkryptik.733912
Ad-Aware	Trojan.GenericKD.34705179
Emsisoft	Trojan.GenericKD.34705179 (B)
Comodo	Malware@#2sz8al62b7lmy
F-Secure	Trojan.TR/Kryptik.znyom
Invincea	Mal/Generic-S
McAfee-GW-Edition	PWS-FCRS!331A1F87540A
FireEye	Generic.mg.331a1f87540a962e
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Krypt
Avira	TR/Kryptik.znyom
Microsoft	Backdoor:MSIL/NanoBot.PA!MTB
Arcabit	Trojan.Generic.D2118F1B
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Quasar.gen
GData	Trojan.GenericKD.34705179
AhnLab-V3	Trojan/Win32.MassLogger.C4204924
McAfee	PWS-FCRS!331A1F87540A
MAX	malware (ai score=83)
VBA32	TrojanSpy.MSIL.Quasar
Malwarebytes	PUP.Optional.AdvancedSystemCare
Panda	Trj/CI.A
ESET-NOD32	a variant of MSIL/Kryptik.YCK
TrendMicro-HouseCall	TrojanSpy.MSIL.QUASAR.USMANJ820
Yandex	Trojan.Igent.bUAoJ7.28
SentinelOne	DFI – Malicious PE
Fortinet	MSIL/GenKryptik.ESHC!tr
BitDefenderTheta	Gen:NN.ZemsilF.34566.Sm1@ay4NONmi
AVG	Win32:DangerousSig [Trj]
Cybereason	malicious.ef1c8c
Paloalto	generic.ml
Qihoo-360	Generic/Trojan.Spy.da2

How to remove TrojanSpy.MSIL.Quasar?

TrojanSpy.MSIL.Quasar removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X