
What is “Worm:MSIL/Shaskooth.A”?


Worm:MSIL/Shaskooth.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:MSIL/Shaskooth.A virus do?

  • Creates RWX memory
  • A process created a hidden window
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Worm:MSIL/Shaskooth.A?


File Info:

crc32: 23DE393A
md5: e40a6e4968ff563c8480f6e53e63fe93
name: confira-as-fotos-da-festa-trofeu-atitude-trofeu-atitude-2019-5defea85a863c.exe
sha1: 01adabdfef41a79b9dfe16e3e76aa2b3e57c032e
sha256: c2abe130fbea616db20190dc8c7031a1f6d185f3a0cbf26e13d3065cfa006112
sha512: 1a85d081b3a1a011ceffa4bfbcfb5b5a502551b208584f1924a69b4f12301d252e8e95b4478054da53eaa77786418d52e36e1ca8e53161a258d43fe884067458
ssdeep: 1536:L33PxmKXA9Rsc33i6EBXR2n7dqnfiVDIHMPV0+l/sLOUp:LPxs99zeiVD+EmUsLOUp
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft 2010
Assembly Version: 1.0.0.0
InternalName: taskhost system 32.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
ProductName: taskhost system 32
ProductVersion: 1.0.0.0
FileDescription: taskhost system 32
OriginalFilename: taskhost system 32.exe

Worm:MSIL/Shaskooth.A also known as:

Bkav: W32.FakeW7Folder.Fam.Trojan
MicroWorld-eScan: Gen:Variant.MSILPerseus.42425
FireEye: Gen:Variant.MSILPerseus.42425
CAT-QuickHeal: Trojan.GenericFC.S6055997
McAfee: W32/Autorun.worm.hy
Malwarebytes: Worm.AutoRun
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Worm.MSIL.Autorun.o!c
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Gen:Variant.MSILPerseus.42425
K7GW: Trojan ( 700000121 )
Cybereason: malicious.968ff5
TrendMicro: WORM_SHASKOOTH.E
Symantec: Trojan.Gen.2
ESET-NOD32: MSIL/Autorun.Agent.AD
Avast: Win32:GenMaliciousA-THX [Trj]
ClamAV: Win.Trojan.Agent-503293
GData: Gen:Variant.MSILPerseus.42425
Kaspersky: Worm.MSIL.Autorun.hr
Alibaba: Worm:MSIL/Autorun.ecbbcff3
NANO-Antivirus: Trojan.Win32.Autorun.dcmsvd
Rising: Worm.Autorun!8.50 (TFE:C:eprXG0cw2eC)
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.MSILPerseus.42425 (B)
Comodo: TrojWare.MSIL.Autorun.BNTZ@5hy51a
F-Secure: Heuristic.HEUR/AGEN.1001380
DrWeb: Trojan.MulDrop4.30700
Zillya: Worm.AutoRun.Win32.121885
Invincea: heuristic
McAfee-GW-Edition: W32/Autorun.worm.hy
CMC: Worm.MSIL.Autorun!O
Sophos: Mal/MSIL-JD
Ikarus: Worm.Win32.Msil
Cyren: W32/Trojan.SKRW-0800
MaxSecure: Trojan.Malware.8946323.susgen
Avira: HEUR/AGEN.1001380
MAX: malware (ai score=100)
Antiy-AVL: Worm/MSIL.Autorun
Microsoft: Worm:MSIL/Shaskooth.A
Arcabit: Trojan.MSILPerseus.DA5B9
SUPERAntiSpyware: Trojan.Agent/Gen-Autorun
ZoneAlarm: Worm.MSIL.Autorun.hr
AhnLab-V3: Worm/Win32.AutoRun.R151327
VBA32: Worm.MSIL.Autorun
ALYac: Gen:Variant.MSILPerseus.42425
Ad-Aware: Gen:Variant.MSILPerseus.42425
Cylance: Unsafe
Panda: Generic Malware
Zoner: Trojan.Win32.14388
TrendMicro-HouseCall: WORM_SHASKOOTH.E
Tencent: Msil.Worm.Autorun.Aguk
Yandex: Worm.Autorun!W3CZj6FtmeI
Fortinet: MSIL/AutoRun.AD!worm
Webroot: W32.Wormmsil.Shaskooth.A
AVG: Win32:GenMaliciousA-THX [Trj]
Qihoo-360: Win32/Worm.c91

How to remove Worm:MSIL/Shaskooth.A?

Worm:MSIL/Shaskooth.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
