Trojan.MSIL.Agent

Trojan.MSIL.Agent Description

Type: Trojan

Trojan.MSIL.Agent is a trojan that uses deceptive tricks to download further malware threats from the web. It penetrates and installs itself on the computer system without the user's awareness or authorization when he or she opens an unidentified email attachment or image, uses instant messaging, etc. Trojan.MSIL.Agent is often bundled with free downloadable software, or placed on your machine by a malicious website you visited. Trojan.MSIL.Agent may track your Internet activities and steal user names and passwords, credit card numbers and other private details. Trojan.MSIL.Agent is a serious threat to the PC system and has to be removed immediately.

Technical Information

File System Details

Trojan.MSIL.Agent creates the following file(s):

Registry Details

Trojan.MSIL.Agent creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\Microsoft\[SET OF RANDOM CHARACTERS].exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for, or confused as being associated in any way with, the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.