About “Worm.Agent.MSGR” infection

Worm.Agent.MSGR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Agent.MSGR virus do?

  • At least one process apparently crashed during execution
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Worm.Agent.MSGR?

File Info:

type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed

Version Info:

0: [No Data]

Worm.Agent.MSGR also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.70799
FireEye: Generic.mg.aee109ee2c4bc662
Qihoo-360: HEUR/QVM18.1.5B27.Malware.Gen
McAfee: Artemis!AEE109EE2C4B
Cylance: Unsafe
VIPRE: Worm.Win32.Agent.cp (v)
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Trojan.GenericKDZ.70799
K7GW: Trojan ( 0051918e1 )
K7AntiVirus: Trojan ( 0051918e1 )
TrendMicro: TROJ_GEN.R06EC0CKI20
Baidu: Win32.Worm.Agent.fj
Cyren: W32/S-b6c35ecc!Eldorado
Symantec: W32.SillyWNSE
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
ClamAV: Win.Malware.Bbabdcdc-7358312-0
Kaspersky: Worm.Win32.Agent.cp
NANO-Antivirus: Trojan.Win32.Wofith.hzygna
Rising: Worm.Agent!1.CEBD (CLASSIC)
Ad-Aware: Trojan.GenericKDZ.70799
Emsisoft: Trojan.GenericKDZ.70799 (B)
Comodo: Worm.Win32.Agent.CP@42tt
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.MulDrop15.57947
Invincea: ML/PE-A + Troj/Agent-BFWE
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
Sophos: Troj/Agent-BFWE
Ikarus: Worm.Win32.Agent
Jiangmin: Worm.Agent.tt
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Worm/Win32.Agent.cp
Microsoft: Worm:Win32/Sfone
Arcabit: Trojan.Generic.D1148F
ZoneAlarm: Worm.Win32.Agent.cp
GData: Trojan.GenericKDZ.70799
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Agent.R304664
Acronis: suspicious
BitDefenderTheta: AI:Packer.6FD2372A1E
ALYac: Trojan.GenericKDZ.70799
MAX: malware (ai score=84)
VBA32: Worm.Agent
Malwarebytes: Worm.Agent.MSGR
ESET-NOD32: Win32/Agent.CP
TrendMicro-HouseCall: TROJ_GEN.R06EC0CKI20
Tencent: Malware.Win32.Gencirc.10b07ba5
Yandex: Trojan.GenAsa!yTn6LLlAQA4
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_90%
Fortinet: W32/Agent.CP!worm
AVG: FileRepMalware

How to remove Worm.Agent.MSGR?

Worm.Agent.MSGR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
